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REPORT OF THE UNITED STATES (U) 

The United States of America, by and through the undersigned Department of Justice 
attorneys, respectfully submits this report and supporting documents in response to the Court's 
Primary- Order dated July 9, 2009, and similar predecessor Orders. (T5,'/3V>W) — 

The National Security Agency (NSA) has completed an end-to-end review of its handling 
of call detail records produced pursuant to the Orders. The review began earlier this year after 
the discovery that NSA had not handled the records in the manner authorized by the Court, and it 
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has identified several serious instances of non-compliance. Although NSA successfully 
implemented many of the Orders' requirements, in several instances it treated records collected 
pursuant to the Orders in the manner it treats information collected under other NSA collections, 
without the necessary regard for the unique nature and requirements of this Court-ordered 
collection. (TS//3I//NT) 

NSA has since remedied these instances of non-compliance, primarily through a series of 
technological fixes and improved training. It has implemented the new oversight procedures set 
forth in the Orders and self-imposed by NSA., and proposes to implement additional procedures 
in the event that the Court authorizes NSA to query the records using telephone identifiers that 
NSA has determined meet the reasonable, articulable suspicion standard This report, the 
supporting declarations of the Directors of NSA (Exhibits A and B) and Federal Bureau of 
Investigation (FBI) (Exhibit C), and the attached NSA report (Exhibit D) (the "End-to-End 
Report") aim to provide the Court with assurance that NSA has addressed and corrected the 
instances of non-compliance and is taking the additional steps described herein to monitor and 
ensure compliance with the Court's Orders going forward The documents describe the results of 
NSA's end-to-end review, the remedies for instances of non-compliance, the testing of 
technological remedies, and additional procedures employed and proposed to be employed. 
They also explain how valuable the collection and analysis of the records is to the national 
security. Based on these findings and actions, the Government anticipates that it will request in 
the Application seeking renewal of docket number BR 09-09 authority that NSA, including 
certain NSA analysts who obtain appropriate approval, be permitted to resume non-automated 
querying of the call detail records using selectors approved by NSA. (TStYSJ//NE)^ 
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I. BACKGROUND (LT) 

Ln docket number BR 06-05 and each subsequent authorization, including docket number 
BR 09-09, the Government sought, and the Court authorized NSA, pursuant to the Foreign 
Intelligence Surveillance Act's (FISA) tangible things provision. 50 U,3.C. § 1861 et seq. , to 
collect in bulk and on an ongoing basis certain call detail records or "telephony metadata. 5 ' 1 The 
Government will refer herein to call detail records collected pursuant to the Court's 
authorizations in this matter as "BR metadata." NSA analyzes the BR metadata, using contact 
chaining fe gfeg""^ ^ tn find and identify known and unknown members or agents 

IF) 



The Orders direct the Government to treat the BR metadata in accordance with 

minimization procedures adopted by the Attorney General. Among these minimization 

procedures in docket number BR 06-05 was the following: 

Any search or analysis of the data archive shall occur only after a particular 
known telephone num ber has been associated with ^S^fyJBiSB 
Ijt^^^g^^^^S^. More specifically, access to the archived data shall 
occur only when NSA has identified a known telephone number for which, 
based on the factual and practical considerations of eve^day life on which 
reasonable and prudent persons act, there are facts giving rise to a 



1 "Call detail records/'' or ''telephony metadata," include comprehensive communications routing 
information, including but not limited to session identifying information ( e.g. . originating and terminating 
telephone number. International Mobile Subscriber Identity (3MSI) numbers, International Mobile station 
Equipment Identity (IMEI) numbers, etc.), trunk identifier, telephone calling card numbers, and time and 
duration of call. A "trunk" is a communication line between two switching systems. Newton's Telecom 
Dictionary 95 1 (24th ed. 2008). Metadata does not include the substantive content of any communication, 
as defined by 1 8 U.S.C. § 25 1 0(8), or the name, address, or financial information of a subscriber or 
customer. T?§^^ 

" The Primary Order in docket num ber BR 06 -05 authorized NSA to query the BR metadata using 
telephone identifiers associated with ^B8! |jJ. Later a uthorizations expanded the telepho ne identifiers 
that NSA could use for queries to those associated with fa^ yyg^^ rHl see docke t 

number BR 06-05 (motion to ame nd granted in August 2006), and, later. th^;TaE!5^S? l SBi§l 
^ j ^^ ^^^^^^^^^^^M ^ see docket number BR 07-10 (motion to amend granted in June 2007). 
The Court's authorization in dock et number BR 09-09 appro ved querying related tcj 

Primary Order, docket number BR 09-09, at 5-7. (T5//SI//1NT) 
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reasonable, articulable suspicion that the telephone number is associated 
with pfiWSgffiB^ provided, however, that 

a telephone number believ ed to be used by a U.S. person shall not be 
regarded as associated with |^nfglffig£5<^ 

solely on the basis of activities that are protected by the First Amendment to 
the Constitution. 

Order, docket number BR 06-05. at 5 (emphasis added). For purposes of querying the BR 
metadata, all subsequent Orders in this matter required the Government to comply with the same 
standard of reasonable, articulable suspicion. 3 See, e.g. . Primary Order, docket number BR 09- 
09 5 at 5-7, As authorized by the Orders in docket numbers BR 06-05 through BR 08-13, NSA 
determined which telephone identifiers met the RAS standard and, therefore, could be used to 
query the BR metadata. In addition, the Orders contained minimization procedures that 
governed other aspects of the use. retention, and dissemination of BR metadata. JT^ffSiUHE^ 

Beginning in mid-January 2009, the Government notified the Court of instances of non- 
compliance with the Court-ordered minimization procedures in this matter. The first written 
notice, filed on January 15, 2009, reported that, through an automated "alert list" process, NSA 
had conducted automated queries of the BR metadata using non-RAS-approved telephone 
identifiers, NSA shut down this automated alert list process entirely on January 24 ; 2009 s and 
the process remains shut down. iTS^Si/ZNEi^ 

By Order dated January 28 , 2009, the Court ordered the Government to file a written 
brief concerning the alert list process. In response to this Order, the Director of NSA ordered 
that NSA complete an end-to-end system engineering and process review of its handling of the 
BR metadata. On February 7 26 ; 2009. after it filed its brief, the Government provided written 
notice to the Court of additional non-compliance incidents. These incidents were identified as a 



" In this memorandum the Government will refer to this standard as the "RAS standard" and telephone 
identifiers that satisfy the standard as ii R J AS-approved.""'^S)^ <> ^ 
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result of the end-to-end review and. like the alert list process, also concerned queries of the BR 



metadata using telephone identifiers that were not RAS-approved at the time of the queries. 
- (TC//S1//NP ) — 



On March 2, 2009, the Court issued an Order that required NS A to seek Court approval to 

query the BR metadata on a case-by-case basis, except where necessary to protect against an 

imminent threat to human life. The Court further ordered that: 

Upon completion of the government's end-to-end system engineering and 
process reviews, the government shall file a report with the Court, that shall, 
at a minimum, include: 

a, an affidavit by the Director of the FBL and affidavits by any other 
official responsible for national security that the government deems 
appropriate, describing the value of the BR metadata to the national 
security of the United States and certifying that the tangible things 
sought are relevant to an authorized investigation (other than a threat 
assessment) to obtain foreign intelligence information not concerning a 
U.S. person or to protect against international terrorism or clandestine 
intelligence activities, and that such investigation of a U.S. person is 
not conducted solely on the basis of activities protected by the First 
Amendment; 

b. a description of the results of the NSA's end-to-end system 
engineering and process reviews, including any additional instances of 
non-compliance identified therefrom; 

c, a full discussion of the steps taken to remedy any additional non- 
compliance as well as the incidents described herein, and an affidavit 
attesting that any technological remedies have been tested and 
demonstrated to be successful; and 

d. the minimization and oversight procedures the government proposes 
to employ should the Court decide to authorize the government's 
resumption of regular access to the BR metadata. 

The Court's Primary Orders in docket numbers BR 09-01, BR 09-06, and BR 09-09 contain 
these same reporting requirements. JTStfSi¥^4?^^ 
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Subsequent Orders have required thai the Government's report include additional 
information regarding certain instances of non-compliance and/or other matters. These farther 
reporting requirements are summarized in the Primary Order in docket number BR 09-09: 

• a full explanation of why the government has permitted dissemination outside 
NSAof U.S. person information in violation of the Court's Orders in this matter: 

• a full explanation of the extent to which NS Ahas acquired call deta il records of 
foreign-to-foreign communications from [^^^^^^^^^^^^^^ pursuant to 
orders of the FISC, and whether the NSA's storage, handling, and dissemination 
of information in those records, or derived therefrom, complied with the Court's 
orders; and 

• either (i) a certification that any overproduced information, as described in 
footnote 1 1 of the government's application [ i.e., credit card information], has 
been destroyed, and that any such information acquired pursuant to this Order is 
being destroyed upon recognition; or (ii) a full explanation as to why it is not 
possible or otherwise feasible to destroy such information. 

(TS//SI//NF) 

II. VALUE TO THE NATIONAL SECURITY (U) 

Analysis of the BR metadata addresses a critical, threshold issue for the Government's 
efforts to detect and prevent terrorist acts affecting the national security of the United States; 
identifying the terrorists and their associates. Ex. B at 4-5. 15: Ex, C at 4, 19. The| 
analysis of the BR metadata - contact chaiiun JiS share tins purpose. 

Contact chaining analysis identifies which telephone identifiers have been in contact with a 
telephone identifier reasonably suspected to be associated with a terrorist. Ex. B at 5-7, I 



Hfe. rTg//g L//NR 

Because the BR metadata is a collection of historical telephony metadata, NSA analysts 
are able to look back in time to identify not only recent contacts and patterns, but those in the 
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past. Id. at 6. By the time the Government associates a telephone identifier with a terrorist, the 
terrorist who was using it may have moved on to a new one. The historical nature of the BR 
metadata, however, allows for the identification of past con tacts [j| IflgBjJ . It, therefore, 
increases the likelihood of identifying previously unknown associates and telephone identifiers. 
Id at 6.1TS#SW&E^ 

The BR metadata provides information on the activities of terrorists and their associates 
that is not available from other sources of telephony metadata. Collections pursuant to Title I of 
FISA ? for example, do not provide NSA with information sufficient to perfonn multi-tiered 
contact chaining ^^^^^^^^^J . Id. at 8. NSA's signals intelligence (SIGINT) collection, 
because it focuses strictly on the foreign end of communications, provides only limited 
information to identify possible terrorist connections emanating from w r ithin the United States. 
Id. For telephone calls, signaling information includes the number being called (which is 
necessary to complete the call) and often does not include the number from which the call is 
made. Id. at 8-9. Calls originating inside the United States and collected overseas, therefore, 
often do not identify the callers telephone number Id. Without this information. NSA analysts 
cannot identify U.S. telephone numbers or, more generally; even determine that calls originated 
inside the United States. Id TTS#Si//M]^ 

The BR metadata helps till these foreign intelligence gaps. Unlike information NSA 
acquires during its traditional SIGINT operations outside the United States, the BR metadata 
identifies the telephone identifiers of the person placing a telephone call from within the United 
States. Id. at 9. It also identifies the U.S. telephone identifiers of persons receiving a call from a 
foreign terrorist. NSA thus is able to provide the FBI with information about contacts between a 
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U.S. telephone identifier and a foreign terrorist, thereby alerting it to possible terrorist-related 
activity within the United States. IcL at 9-10.TTS7ySi/^iE^ 

According to NSA, not having this information can have grave consequences. As an 
illustration, prior to the September 11, 2001 > attacks, NSA intercepted and transcribed seven calls 
made by hy acker Khalid al~Mihdhar 5 then living in San Diego, California, to a telephone 
identifier associated with an al Qaeda safe house in Yemen. Id. NSA intercepted these calls 
through its overseas SIGINT collection and, as noted above for telephone calls originating within 
the United States, the calling party identifier was not included in the signaling information. Id. 
Because they lacked the U.S. telephone identifier and had nothing in the content of the calls to 
suggest that al-Mihdhar was inside the United States, NSA analysts mistakenly concluded that al- 
Mihdhar remained overseas when, in fact, he was in San Diego. Id. The BR metadata, by 
contrast, would have included the missing information and might have permitted NSA analysts to 
place al-Mihdhar within the United States prior to the attacks and tip that information to the 



NSA acts on and otherwise makes use of the results of its BR metadata queries. Id. at 3. 
Where appropriate, it provides those results to other U.S. Government and foreign government 
agencies. From May 2006 (when the Court issued the first Orders in this matter) through May 
2009. NSA disseminated 277 reports containing approximately 2,900 telephone identifiers that 
NSA had identified through its analysis of the BR metadata. Id at 1 2r(TSffS¥^E)^ 

The tips or leads the FBI receives are among the most important because they can act as 
an early warning of possible domestic terrorist activity. Ex. C at 6-7. As noted above, the BR 

4 The 9/1 1 Commission Report alluded to the failure to share information regarding a facility associated 
with an al Qaeda safehouse in Yemen and contact with one of the 9/1 1 hijackers (al Mihdhar) in San 
Diego, California, as an important reason the Intelligence Community did not detect al Qaeda ! s planning 
for the 9/1 1 attack. See "The 9/1 1 Commission Report/' at 269-272. (U) 
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metadata is unique in that it can provide more complete information about domestic telephone 
identifiers in contact with terrorist associates. The earlier FBI obtains information about a 
threat — in this case, information about a domestic contact — the more likely it will be able to 
protect against the threat. Id at 6, Without BR metadata tips, the FBI might never learn about 
domestic contacts; with these tips, it learns about them promptly, Id 7 ? TS/? t Si/ ) Q^£}^^ 

" The FBI has opened predicated international terrorism investigations based, at least in 
part, on BR metadata tips, including twenty-seven full investigations between May 2006 and the 
end of 2008, Id at 7-9. In those cases. BR metadata provided predication for opening the 
investigation/" 5 Id at 7. Examples are set forth in the accompanying Declaration of the FBI 
Director. Id at 9-19, In other cases, BR metadata provided additional information regarding an 
existing investigation and advanced that investigation. Id at 5-6. In any such case, the BR 
metadata was a valuable source of foreign intelligence for the FBI, assisting it in uncovering the 
operations of ^*»«^^ and in 

thwarting terrorist activities targeting the United States, its citizens, and its interests abroad. 6 Id 
at 19.TTS^#N^^ 

III. RESULTS OF THE END-TO-END REVIEW (U) 

The results of the NSA's end-to-end review are discussed in detail in the Director of 
NSA's Declaration (Exhibit A) and the End-to-End Report (Exhibit D). Generally, the end-to- 
end review focused on two major components of implementation of the BR FISA Orders — 
system-level technical engineering and execution within the analytical framework. The end-to- 



3 In these twenty-seven fill] investigations opened based on BR metadata tips, the FBI has issued forty-six 
intelligence information reports to U.S. government agencies and thirty-one intelligence information 
reports to foreign government partners. Ex. C at 9. (TS/ZSIZ/ftTF) — 



6 Based on the value of the BR metadata, the FBI Director has certified thai the BR metadata is relevant to 
authorized investigations (other than threat assessments) to obtain foreign intelligence information to 
protect against international terrorism. See Ex. C at 19. (TS//S.ty/NF) . 
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end review revealed that there was no single cause of the identified instances of non-compliance 
and that there were a number of successful oversight, management, and technology processes 
that operated appropriately. Nonetheless, the end-to-end review uncovered additional instances 
of non-compliance, all of which were brought to the Court's attention shortly after their 
discovery during the end-to-end review. ' The NSA concluded that these instances of non- 
compliance stemmed from or were exacerbated by a primary focus on analyst use of the data, the 
complexity of the overall BR FIS A system, and a lack of shared understanding among the key 
stakeholders as to the full scope of the BR FIS A system and the implementation of the BR FIS A 
Orders. Each specific instance of non-compliance identified as part of the end-to-end review is 
briefly discussed below. The remedies for the instances of non-compliance are discussed in the 
following section. " (Tr^TY/NT) _ 

A. Domestic Identifiers Designated as RAS-Approved Without Review by NSA 
OGC T^Si 

The end-to-end review revealed that historically a significant number of domestic 
identifiers were added to the Station Table as RAS-approved without first undergoing the 
required review 7 by NSA OGC, This happened in two distinct ways. First identifiers reported to 
the Intelligence Community as having a connection with one of the Court-approved terrorist 
organizations before and after the BR FISA Orders were, until December 15. 2008, added to the 
Station Table as RAS-approved without NSA OGC review. 8 Second, NSA discovered that 

1 As a result of the end-to-end review, NSA also discovered several areas that presented a potential for 
non-compliance or a vulnerability in management and/or oversight controls. While these areas were not 
deemed compliance matters and therefore are not discussed in detail herein, the issues and the steps NSA 
has taken to address them are discussed in the End-to-End Report in sections H.B.I , ILB.4, and E.B.5, 

s This matter was identified as a potential instance of non-compliance on page 4 of Exhibit C to the 
Application in docket number BR 09-01 filed on March 4, 2009. and is discussed in section of H.A.4 of 
the End-to-End Report and on page 12 of Exhibit A. t$*k 
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historically errors were made when implementing the BR FIS A Orders and consequently some 
domestic identifiers were initially RAS-approved without the required review by NSA OGC 9 
(TG//3I//HT) — 



B* Data Integrity Analysts* Identification and Use of Non-User Specific Identifiers 
— 

NSA discovered during the end-to-end review that Data Integrity Analysts were, as part 
of their authorized access to the BR metadata, identifying identifiers not associated with specific 
users J ! ! ! ! ! Vt=g ft?TTT?T?TyfTttttt^^ '{' .^muggg 

those identifiers wdth analysts through out the NSA not authorized to access the BR metadata. 
(TS//GI//NT) 



and sharing 
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C. Use of Non-RAS- Approved Correlated Identifiers to Query the BR Metadata 
- (TS//SI//NF)- 

The end-to-end review revealed that management practices and NSA tools permitted 
analysts to query the BR metadata using a non-RAS -approved identifier if that identifier was 
correlated to a RAS-approved identifier 11 



While 



historically NSA tools permitted queries of non-RAS -approved identifiers based or 



9 This matter was the subject of a preliminary notice of compliance incident filed on June 29 ; 2009, and is 
discussed in section of HB.7 of the End-to-End Report and on pages 12-13 of Exhibit A. 

10 This matter was the subject of a preliminary notice of compliance incident filed on May 8. 2009. and is 
discussed in section of ILB,2 of the End-to-End Report and on pages 18-20 of Exhibit A. 

n This matter was the subject of a preliminary notice of compliance incident filed on June 15, 2009. and 
is discussed in section of H.B.3 of the End-to-End Report and on pages 13-15 of Exhibit A. TfS^ 
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D, Improper Dissemination of the Results of BR FISA Queries lTS7YSi//W^ 

As a result of the end-to-end review, it was revealed that NSA's historic, general practice 
as to the dissemination of U.S. person identifying information derived from BR FIS A 
information was to apply United States Signals Intelligence Directive IS (USSID 18) and not the 
more restrictive dissemination provisions of the Court's Orders. 12 In addition, NSA also 
uncovered two specific instances of non-compliance concerning the dissemination of BR FISA 
query results. First. NSA discovered that unminimized query results were available to Central 
Intelligence Agency (CIA). FBI, and National Countertenrorism Center'(NCTC) analysts via an 
NSA database, lo Second. NSA discovered that on one occasion unminimized U.S. person 
identifying information was improperly | 
^^^^^^^^^^^^^^J (TS//SL7NF) 

E. ^ 

is the software tool interface used by analysis to manually 

query the BR metadata chain summaries. In connection with the end-to-end review, NSA 
developed a new version ot ^:— ■ - that limits the number of hops permitted 




u This practice was the subject of a preliminary notice of potential compliance incident filed on June 26. 
2009, and specifically mentioned in the Court's Primary Order in docket number BR 09-09. This practice 
is mentioned in section ILB.9 of the End-to -End Report and discussed more fully on pages 36-38 of 
Exhibit A^XS^^ 

i3 This matter was rhe subject of a preliminary notice of compliance incident filed on June 16, 2009, and 
is discussed in section of II.B.8 of the End-to-End Report. A_ fuller explanation of this practice is set forth 
at pages 29-36 of Exhibit A. f$h^ 

M This matter was the subject of a preliminary notice of compliance incident filed on June 29. 2009, and 
is discussed in section of IIJB.9 of the End-to-End Report. 
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from a RAS -approved telephone identifier to three, in accordance with the Court's Orders. 
During testing of the beta version ot feiiiiiiiiigj , NSA determined that, despite the hop 
restriction, a feature callec 



could be invoked to 

provide an analyst with the number of unique contacts for a third-hop identifier, a type of 
information that would otherwise only be revealed by a fourth hop. 15 Prior versions of^~m 

| feature ^(TS77S1#N^ 



also included th^ 

IV. STEPS TAKEN TO REMEDY INSTANCES OF NON-COMPLIANCE (U) 

In addition to those instances of non-compliance noted above, Exhibit A and the End-to- 
End Report address three instances of noncompliance noted in the Court's March 2 Order — the 
Telephony Activity Detection Process. 1 '^ ^^iiBii^J 1 1 and certain inappropriate queries by NSA 
analysts, 1 8 All of these instances of non-compliance have been remedied, and the NSA Director 
has attested as to the testing and functionality of the technological remedies employed by NSA. 
Ex. A. at 28. For purposes of discussing the remedies implemented by NSA it is helpful to 
divide the instances of noncompliance into two broad categories: (1) unauthorized queries via 
automated processes and tools; and (2) operator errors within the BR FISA analytic framework. 
(TS//SLVNF) 



J9 



3 ~ This matter was the subject of a preliminary notice of compliance incident filed on August 4, 2009. and 
is discussed on pages 15-17 of Exhibit A *^S}k 

i6 This issue is discussed in section of II A. 1 of the End-to-End Report and on pages 5-7 of Exhibit A. ^< 

u This issue is discussed in section of IIA.2 of the End-to-End Report and on pages 7-9 of Exhibit A. l^S^ 

lS This issue is discussed in section of IIA.3 of the End-to-End Report and on page 9 of Exhibit A.^fS)— 

u The NSA's identification and use of non-user specific identifiers is not addressed below, as that 
formerly non-compliant practice was specifically authorized by the Court in docket number BR 09-09. 
See Primary Order, docket number BR 09-09 ; at 12. fPS} 
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A. Unauthorized Queries Via Automated Processes and Tools (U//FOUO) — 
NSAhas remedied the Telephony Activity Detection Process anc ^ - ■ ■ ■ incidents by 
eliminating their ability to access the BR metadata. Ex. A. at 6-8. Specifically, NSA shut down 
the flow of incoming BR metadata into the Telephony Activity Detection Process on January 24. 
2009. Id, at 6. Accordingly, the Telephony Activity Detection Process could no longer query the 
incoming BPv metadata with the non-RAS-approved identifiers on the alert list On February 20 ; 
2009, NSA prevented the Telephony Activity Detection Process. ^ SSTr^ or any other 
automated processes and tools from accessing the BR metadata in it ^j ■ | database by 

removing all previously used Public Key Structure (PKI) system-level certificates that gave 
processes and tools access to the BR metadata 20 Id at 8-9. By removing these PKI system-level 
certificates NSA revoked all automated processes and tools' access to the BR metadata in 




and therefore, rendered the automated query processes and tools inoperable. Id. 



The end-to-end review concluded that apart from the Telephony Activity Detection Process's 
querying of incoming BR metadata, no other automated processes and tools queried BR metadata 
outside of^.unnrrfgj Accordingly, the removal of the PKI system-level certificates ensures 
that no automated processes or tools are now permitted to query the BR metadata, (TS//SI//NF) 

The Emphatic Access Restriction (EAR), discussed below, provides further protection 
against automated processes and tools from querying the BR metadata inappropriately. 
Specifically, even if ^^^^^J or some other tool were permitted to access the BR metadata, 
EAR would prevent it from doing so with anything but a RAS-approved identifier. EAR will 
continue to serve this function even if the Court grants NS As request to resume querying based 
on its own RAS-approval authority. See id at 28-29. (TS//SI//NF) 

20 A PKI system-level certificate is essentially a 'ticket' 5 used by the system to recognize and authenticate 
that the automated capability has the authority to access the database. See Ex. A at '8. (TC//GWINT) ~ 
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B. Operator Errors with the BR FISA Analytic Framework ITS^ 
Several instances of non-compliance resulted from analysts' actions that were 
inconsistent with the Court's Orders rather than the functioning of a specific technological 
process or tool. Although some human error is inevitable in any activity. NSA has addressed 
each of the identified areas prone to human error with a combination of improved oversight and 
training, regular reports to the Court, and technological remedies. TTS^ 
1. Queries with Noa-RAS- Approved Identifiers 
As noted in the Court's March 2 Order and uncovered during the end-to-end review, 
analysts used non-RAS-approved identifiers to query the BR metadata. See IILQ supra ; Ex. D 
at II. A.3. NSA eliminated the potential for this type of analyst error from being repeated by 
implementation of the EAR on February 20, 2009. See Ex. A at 9, 15. ^ C V/GL '/ NF) - 

The EAR is a software restrictive measure that prohibits queries to the BR metadata in 
| using non-RAS-approved seeds. Before a given query to the BR metadata is 
executed, the EAR in effect checks the RAS status of the seed for the query against the Station 
Table. If the seed for a given query is RAS-approved, the EAR permits the query to be run. If 
the seed for a given query is not RAS-approved. the EAR will not permit the query to be 
executed/ 1 In this way, NSA has provided a technological remedy to the potential for analysts 
entering non-RAS-approved identifiers as query seeds, and this remedy will continue to apply 
should the Court permit NSA to resume non-automated querying of the BR metadata, Ex. A at 9- 
10 JTSMSimi 



i] The hAR does not offer the same Drotection to the BR metadata outside of 




l^ ^yj^^ ' ^^ u ^^i^? ^! NSA's audit of queries to the KjljBr^ revealed 
that no inappropriate queries were ran by anal ysts against the BR- metadata containe d i nk. In the futu re 
NSA intends to migrate the functionality of th «flg | l ^^g^^pj^^gggygjpj^^ 1 - ntc ft^^^S^8 or 

its successor, to brine all BR metadata under the protection or the EAR. Ex. A at 9 n.5; Ex. D. at 9. 23. 
^ 
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2. Queries More Than Three Haps From RAS-Approved Identifier's^ 
As noted above, the beta version of — — — and prior versions contained the ^^g} 

tgffggj feature that gave analysts contacts information that normally is available only on an 
unauthorized fourth hop from a RAS-approved identifier NSA corrected ^^S555sl t0 disable 
the [friz^S^^ feature for last-hop identifiers. As of July 31. 2009. analysts can access the BR 
metadata contact chain summary repository only through use of jfc- ■ ■ ■ ■ ■ ■ All prior versions 
of| | have been locked out from access to the BR metadata contact chain summary 
repository. Ex. A at 16-17. (TS//SI//NF) 

3, Improper Designation of Identifiers as RAS-Approved "fS^ 

As uncovered during the end-to-end review, historically NSA had included on the Station 
Table as RAS-approved identifiers reasonably believed to be used by U.S. persons without those 
identifiers being reviewed by NSA OGC, See III A. supra . The first step to remedying this non- 
compliance was to change the identifiers that should have been reviewed by NSA OGC from 
"RAS-approved" to "not-RAS -approved." NSA did this for the identifiers designated as RAS- 
approved based on being reported to the Intelligence Community in early February 2009. Ex. A. 
at 12. NSA reports that the few identifiers improperly RAS-approved in 2006 were all identified 
and disapproved or properly approved in 2006 shortly after they were identified. Id, at 13. 
Continued training and oversight mechanisms employed by NSA are designed to ensure that 
these Incidents will not be repeated. -fTR. // ST / 'HF) 

4< Improper Disseminations of U.S, Person Information l^S^ 

As uncovered during the end-to-end review, NSA disseminated BR metadata-derived 
U.S. person information in a manner not consistent with the Court's Orders. See IILD. supra . 
The mechanism that resulted in the inapuroDriate dissemination B?PB*3| was shut down in 
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advance of the end-to-end review, and, therefore, required no remediation. Moreover, NSA 
confirmed that JjlPJpiirged the inappropriately disseminated information from its systems and 
did not further disseminate it before doing so, Ex. D at 18. NSA disabled external access to the 
database that was the other mechanism for inappropriate disseminations on June 12, 2009. Ex. A 
at 33. NSA's review concluded that approximately one -third of the 250 anatysts with permission 
to access the database between August 2005 and January 2009 actually accessed it, Id. at 34, 
NSA further determined that approximately forty-seven analysts queried the database in the 
course of their counterterrorism responsibilities and accessed directories containing the results of 
BR metadata queries, including un-rmnimized U.S. person-related information. Id. Finally, a 
review of NSA reports containing BR metadata with U.S. person identities indicated a significant 
number of dissemination were approved by an official permitted to approve such determinations 
pursuant to USSID 18, but not the Court's Orders, and without the appropriate determination 
required by the Courts Orders. Id at 38~ 39. 22 (TS//SI//NF) — 

As noted in section VI below, additional training and oversight, as well as the weekly 
reports to the Court on disseminations, should prevent similar instances of noncompliance,"" 
Moreover, as noted in Exhibit A and the End-to-End Report, these and other non-compliant 
dissemination practices were the product of an incomplete understanding of the dissemination 



^ In docket number BR 09-09, the Court approved additional individuals to approve disseminations to 
include the Chief, Information Sharing Sendees, the Senior Operations Officer, the Signals Intelligence 
Directorate (SID) Director, the Deputy Director of NSA, and the Director of NSA.. (TS//SI/VNT) 

23 In addition to the above practices, NSA's litigation support team conducts prudential searches in 
response to requests from Department of Justice or Department of Defense personnel in connection with 
criminal or detainee proceedings. The team does not perform queries of the BR metadata. See Ex. A at 
36 n. 19. The Government respectfully submits chat NSA's sharing of U.S. person identifying information 
in this manner does not require a dissemination determination and need not be accounted for in NSA's 
weekly dissemination report, (XSi/SIZZHE) 
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requirements set forth in the Court's Order and as a result of the end-to-end review NS A 
personnel are now well aware of the Court-ordered dissemination requirements. (TSTTSTZ/NFj — 
V. OTHER MATTERS (U) 

A. Storage, Handling and Dissemination of Foreign-to-Foreign Records "(TS)^ 

■it' I ^ 



NSA has acquired records of foreign-to-foreign communications from! 

With the possible exception of certain foreign-to-foreign records produced by 
^^^^^ NSA has stored, handled and disseminated foreign-to-foreign records produced pursuant 



to the Orders in accordance with the terms of the Orders. See Ex. A at 39-44 ^^||f| 
§jBP| and 46-47 ^^^ (TS/ZSI/rtflT) 
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NSA advised that for the first time, in May 2009, stated it produced foreign-to- 

foreisji recorda 



pursuant to the Orders. 



stopped its production of this set of foreign-to-foreign records on May 29. 2009, after service of 
the Secondary Order in BR 09-06. which carves out foreign-to-foreign records from the 
description of records to be produced, Id. at 42-43. 7^57^4//^^ 



Furthermore, because the records are records of foreign-to-foreign communications, 
almost all of them do not concern the communications of U.S. persons. To the extent any of the 
records concern the communications of U.S. persons, such communications would be afforded 
the same protections as any other U.S. person communication ^ ^^^^^^JJ^^?sssss^bsu^^ 

I authorities. Id. at 43. 
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B, Storage and Handling of Credit Card Information C^S^ 
In the months after the issuance of Orders in docket number BR 06-05, a smal] 
percentage of records produced b y and ^^fc^ contained credit card numbers in one of 

the fields when a caller used a credit card to pay for the call. See Ex. B, docket number BR 06- 

removed credit card numbers from this field in 



08, at 6-8. At NSA's request, 



and 



MM 



the records they provided to NSA starting on July 10. 2006, and October 1 1 5 2006, respectively. 
Ex. B, docket number BR 06-12, at 5-7. Since that time. NSA spot checks have confirmed that 



i - - ; 



continue to remove credit card numbers from the relevant field. Ex. A. at 48, 
Also since that time, NSA spot checks have identified only one record containing a credit card 
number. Id. That record, identified in a March 2008 spot check, contained a credit card number 



in a field different from the field filtered byg ^| and ^^8 ^ (TS//SLVNF) 

According to NSA, it is not feasible for NSA to destroy the records received before 
October 2006 and the one identified in March 2008 that contain credit card numbers. At this 
time, the records are stored in one of three locations: back-up tapes. ■■■ A -.T7gJ storage of 
raw records, and the fc^j^/^i^M fejjjjjM 25 Destroying records stored in any of these 



~ 3 Although NSA used the records that contain credit card numbers to make chain summaries (which in 
turn are stored in the chain summary database), the credit card numbers did not become part of the chain 
summaries and. therefore, are not stored in the chain summary database. Id. at 48 n.26. (TS//SI//NF) — 
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three locations requires significant personnel, time, and system resources that are not justified 
given the operational need for certain information and the measures to secure the records. Id. at 
48-50. (TS//SI//NF) 

NSA has an operational need for the non-credit card information contained in the records. 
To destroy records in the ^ww?^^ that contain credit card numbers, NSA 

would have to destroy a swath of records in addition to those few containing credit card 
numbers. IcL at 49. In the event of a catastrophic failure, NSA would rebuild the contact 
chaining database with records now 7 stored on tapes. If NSA were to destroy those records thai 
contain credit card information, either in the ^^^^^ , " , " , " , " , " , " , " , " , " or on tapes, it would 

lack information that is necessary for operations and that otherwise it is authorized to retain 
under the Orders. Id, at 48-49. (TS//SI//NF) 

Balanced against this significant operational loss is the reasonable measures currently 
taken by NSA to secure the records. Records contained on back-up tapes and in ^BBBBjllll 
raw ; records are not available to analysts for queries. In the , NSA 
masks the credit card numbers when the records are retrieved in response to an analyst query. Id. 
at 48-50, Masking ensures that analysts do not have access to the credit card numbers, and 
analysts cannot unmask the information. Id at 48 n.26. In the fixture, when NSA reconstitutes 

the[ :- ; ■ J within another system, see Ex. D at 9, the fields 

containing credit card information will not be included in the data transfer and will be purged. 
Ex. A. at 49. (TS//SI//NF) 

VI, PROCEDURES DESIGNED TO MAINTAIN ONGOING COMPLIANCE WITH 
THE ORDERS (U) 

Beginning in docket number BR 08-13, the Government has implemented and the Court 
has imposed several requirements that will help ensure compliance with the Orders. Each of 
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these requirements is set forth in the Primary Order in docket number BR 09-09, In general they 
require regular communications between NSA and the Department of Justice's National Security 
Division (NSD) on significant legal interpretations, compliance with the Orders, and oversight 
responsibilities. Primary Order, docket number BR 09-09, at 13-14. Also, by requiring the 
sharing of NSA's procedures for controlling access and use of the BR metadata and for training 
with the National Security Division, the Order gives NSD greater insight into NSA's 

implementation of its authorities. Id. at 8 s 13, (TS//SI//NF) 

Other requirements and self-imposed "fixes/ 1 including technological fixes, specifically 
address the problem of unauthorized queries of the BR metadata. As noted above, NSA 
technological fixes prevent any automated querying of the BR metadata and any querying with 
no n-RAS -approved identifiers. NSA also has implemented a new user interface ^MMgapj^f 
- that will limit the number of query hops to three, as authorized by the Orders. Ex. A at 27, 
Apart from these technological fixes, NSA has recently created the new position of Director of 
Compliance, who reports directly to the Director and Deputy Director of NSA and has full-time 
responsibility in this area. Rat 28. (TS//GI//NT) 

The Order's requirements serve as an important backstop for these technological fixes. 
In the event that NSA seeks to implement an automated query process in the future, it must 
obtain the approval of both NSD and the Court. Primary Order, docket number BR 09-09. at 14, 
The Orders also now require that all persons accessing the data, including technical personnel, be 
briefed on the authorizations and restrictions in Orders regarding the BR metadata, id. at 10. 
This broader training requirement is designed to prevent, among other things, the creation of 
processes to access the BR metadata by persons lacking a necessary understanding of the 
restrictions, In the event that even these safeguards fail, more explicit requirements for logging 
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access to the BR metadata are designed to identify the source of the non-compliance. See id. at 
9-10. (TS//SI//NF) 

These requirements also provide the Court with additional information regarding NSA's 
implementation of the Orders, Specifically, any renewal Application must include the report on 
the meeting between NSA and NSD regarding compliance with the Orders. Id. at 13-14. In 
addition. NSA must file a report every week describing any dissemination of BR metadata and 
certifying whether NSA followed the Order's requirements for dissemination. M. at 10-11. The 
dissemination report and ti^e training requirement for persons receiving results of BPv metadata 
queries also address NSA's prior non-compliance with the Order's dissemination requirements. 
In addition, following renewal of the authorities in Docket Number BR 09-09 and any 
subsequent renewal an attorney from NSD will meet with appropriate NSA personnel to brief 
such personnel on the requirements of the Court's authorization. (TS//SI//NF) — 

Last, in the Application that the Government intends to file for the renewal of docket 
number BR 09-09. it will seek authority to resume querying the BR metadata using telephone 
identifiers that NSA has determined meet the RAS standard, Although NSA's violations of the 
Orders did not concern its application of the RAS standard, the standard is the cornerstone 
minimization procedure that ensures the overall reasonableness of the production. It is 
appropriate, therefore, that in connection with the request for authority to make RAS 
determinations the Government proposes two additional minimization and oversight procedures 
concerning PAS determinations and queries. First. NSA plans to review its RAS determinations 
at regular intervals. Specifically, NSA will review a RAS determination at certain intervals: at 
least once every one hundred eighty days for U.S. telephone identifiers or any identifier believed 
to be used by a U.S. person; and at least every year for all other telephone identifiers. Ex. A at 
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25. Second, where such information is available, NSA will make analysts conducting queries 
aware of the time period for which a telephone identifier has been associated with ^gBBSSaj 




organizations, in order that the analysis and minimization of the information retrieved from the 
queries may be informed by that fact. Id, at 26, (TS//SI//NF) 

The Application will also include two oversight requirements similar to those included in 
the Order in docket number BR 08-13 and prior Orders, Specifically, twice during the ninety day 
period of authorization. NSD will review NSA's queries of the BR metadata, including a review 
of a sample of the justifications for RAS approval. Moreover, NSA will report to the Court twice 
during the ninety day penod of authorization regarding, among other things, its queries of the BR 
metadata. The Court will maintain the authority to approve automated query processes upon 
request from the Government; once DOJ and NSA are comfortable requesting such authority 
from the ^nrr-rTS" g T/ / HP> 
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CONCLUSION (U) 
The Government recognizes that no oversight regime will eliminate all risk of non- 
compliance. The above requirements, fixes, and proposed procedures, however, address the 
identified and systemic instances of non-compliance with the Orders and seek to protect against 
vulnerabilities with the implementation of future authorities. The Government respectfully 
submits that together these steps provide a solid foundation to monitor and promote continued 
future compliance. The Government will continue to monitor, evaluate and report to the Court 
on the effectiveness of the oversight and compliance regime discussed herein. X^tt$&ME^^ 

Respectfully submitted. 
DavidS. Kris 

Assistant Attorney General for National Security 



By: 




Office of Intelligence 
National Security Division 
United States Department of Justice 
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WASHINGTON, D.C. 
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BUREAU OF INVESTIGATION FOR AN 
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Docket number: BR 09-09 




DECLARATION OF LIEUTENANT GENERAL KEITH B. ALEXANDER, 

UNITED STATES ARMY, 
DIRECTOR OF THE NATIONAL SECURITY AGENCY 

(U) BACKGROUND 

(U) I, Lieutenant General Keith B. Alexander, depose and state as follows: 

(U) I am the Director of the National Security Agency ("NSA" or "Agency" 1 ) . an 
intelligence agency within the Department of Defense ("DoD"), and have served in this 
position since 2005. 1 currently hold the rank of Lieutenant General in the United States 
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Army and, concurrent with my current assignment as Director of the National Security 
Agency, I also serve as the Chief of the Central Security Service and as the Commander 
of the Joint Functional Component Command for Network Warfare. Prior to my current 
assignment, I have held other senior supervisory positions as an officer of the United 
States military, to include service as the Deputy Chief of Staff (DCS, G-2), Headquarters, 
Department of the Army; Commander of the U.S. Army's Intelligence and Security 
Command; and the Director of Intelligence, United States Central Command. 

(U) As the Director of the National Security Agency, I am responsible for 
directing and overseeing all aspects of NSA's crypto logic mission, which consists of 
three functions: to engage in signals intelligence ("SIGINT") activities for the U.S. 
government, to include support to the government's computer network attack activities; 
to conduct activities concerning the security of U.S. national security telecommunications 
and information systems; and to conduct operations security training for the U.S. 
government. Some of the information NS A acquires as part of its SIGINT mission is 
collected pursuant to Orders issued under the Foreign Intelligence Surveillance Act of 
1978, as amended ("FISA"). 
(U) PURPOSE AND SUMMARY 

(TS//SI/^ff) T his Declaration responds to the Court's Order of 2 March 2009 in 
docket number BR 08-13 and its subsequent orders in docket numbers BR 09-01, BR 09- 
06, and BR 09-09 concerning NSA's incidents of non-compliance in implementing a 
24 May 2006 Order of the Court pursuant to 50 U.S.C. § 1 861 (Access to Certain 
Business Records for Foreign Intelligence and International Terrorism Investigations), as 
well as subsequent renewals of the 24 May 2006 Order. NSA refers to the program in 
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which such records are acquired and analyzed as the "Business Records FISA Order" or 
as the "BR FISA." 

(TS//SI/;W) Th e Orders in docket numbers BR 0843, BR 09-01, BR 09-06 5 and 
BR 09-09 direct that the government file with the Court, upon completion of NSA's end- 
to-end system engineering and process reviews of its handling of the BR FISA metadata, 
a report that includes, among other things: (1) a description of the results of NSA's end- 
to-end review, to include any additional instances of non-compliance identified 
therefrom; (2) a full discussion of the steps taken to remedy any additional non- 
compliance as well as those incidents described in the Court's 2 March 2009 Order in 
docket number BR 08-13, and an affidavit attesting that any technological remedies have 
been tested and demonstrated to be successful; and (3) the additional minimization and 
oversight procedures the government proposes to employ should the Court decide to 
authorize the government's resumption of regular access 1 to the BR metadata. See, e.g., 
Primary Order, docket number BR 09-06, at 15-16. This Declaration responds to each of 
these requirements. Each of the matters discussed in this Declaration, with the exception 
of the J Srifiiriirifiiffi matter, is discussed in greater depth in NSA's 

Report dated 25 June 2009 entitled "Implemention of the Foreign Intelligence 



(TSZ/GI/yW) The term "regular access" refers to NSA's proposed resumption of previously authorized 
access to the BR FISA metadata, to include automated alerting and querying of the metadata, as well as the 
authority to establish whether a telephony selector meets the Reasonable Articulable Suspicion ("RAS") 
standard for analysis. I understand that in seeking renewal of the authority granted by the Court in Docket 
Number BR 09-09. the government will not be seeking the resumption of "regular access" to the BR FISA 
metadata. Rather, the government intends to seek authority': (a) for certain designated NS A officials to 
approve access to the BR metadata fo r purposes of obtaining foreign intelligence information through 
contact chaining ^^^^^jj^t^J using telephone identifiers that those officials have deter min ed meet 
the RAS standard; and (b) for NSA analysts who have received appropriate training on the BR FISA 
metadata ("BR-cleared analysts") to be able to access the BR metadata to perform queries. Resumption of 
automated alerting and/or querying of the BR metadata will be sought via subsequent submissions and 
commence only with the approval of the Court. 
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Surveillance Court Authorized Business Records FISA Order - NSA Review" (hereafter 
"End-to-End Report 55 )* which is attached hereto. 

— (TSZZSIZ^JF) In summary, NSA's end-to-end review compared all aspects of its 
handling of the BR FISA metadata with the requirements of the Orders in docket number 
BR 09-06 and prior docket numbers. This review identified several new issues, in 
addition to the issues previously reported to the Court, that are of concern to NSA. This 
Declaration addresses issues, including those that required some form of technical 
remedy or "fix," which fall into four general categories: the use of automation to assist 
analytic efforts in a manner not authorized; improper analyst queries of the BR metadata 
repository; improper access to or handling of the BR metadata; and lack of a shared 
understanding of the BR program. With the exception of the( | issue, each of 

the issues addressed herein is discussed in more detail in the End-to-End Report. 

HTS/t'SI^S^ Court's Primary Order in docket number BR 09-09 requires that 
"the government's submission regarding the results of the [BR FISA] end-to-end review" 
include: (1) "a full explanation of why the government has permitted dissemination 
outside NSA of U.S. person information in violation of the Court's Orders in this matter;" 
(2) "a full explanation of the extent to which NSA has acquired call detail records of 
foreign-to-foreign communications from |^^^^^^^^^^^^^>ursuant to orders of 
the FISC, and whether the NSA's storage, handling, and dissemination of information in 
those records, or derived therefrom, complied with the Court's orders;" and (3) "either (i) 
a certification that any overproduced information, as described in footnote 10 of the 
government's application, has been destroyed, and that any such information acquired 
pursuant to this Order is being destroyed upon recognition; or (ii) a full explanation as to 
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why it is not possible or otherwise feasible to destroy such information." Primary Order, 
docket number BR 09-09, at 16-17. This Declaration also responds to each of these 
requirements. 

(TS//SI//EJF) T he statements made in this Declaration are based upon: my 
personal knowledge; information provided to me by my subordinates in the course of my 
official duties — in particular as a result of the end-to-end systems engineering and 
process reviews conducted atNSA since the filing of my declarations in this matter on 17 
and 26 February 2009 in docket number BR 08-13; the advice of counsel; and 
conclusions reached in accordance with all of the above, 
I- (U) END-TO-END REVIEW 

A. (U) RESULTS, REMEDIES, AND TESTING 

1. (ll77F©UQ^Use of Automation in a Manner Not Authorized 

(TS//SLVNF) T he Telephony Activity Detection (Alerting) Process 

(TS//SI//NF) As previously reported in my declaration filed on 17 February 2009, 
until 24 January 2009, NSA employed an activity detection ("a/ez-f") process, which used 
an "alert list' 3 consisting of counterterrorism telephony identifiers 2 to provide automated 
notification to signals intelligence analysts if one of their assigned foreign 
counterterrorism targets was in contact with a telephone identifier in the United States, or 
if one of their domestic targets associated with foreign counterterrorism was in contact 
with a foreign telephone identifier. NSA's process compared the telephony identifiers on 

. 2 (TS<V5I//NF) fat the context of this Declaration, the term "identifier" means a telephone number, as that 
term is commonly understood and used, as well as other unique identifiers associated with a particular user 
or telecommunications device for purposes of billing and/or routing communications, such as International 
Mobile Subscriber Identity (IMS I) numbers, International Mobile station Equipment Identity (EMEI) 
numbers, and calling card numbers. 
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the alert list against incoming BR FISA telephony metadata as well as against telephony 
metadata that NSA acquired pursuant to its Executive Order (EO) 12333 SIGINT 
authorities. Reports filed with the Court incorrectly stated that NSA had determined that 
all of the telephone identifiers it placed on the alert list were supported by facts giving 
rise to a reasonable, articulable suspicion (RAS) that the telephone identifier was 
associated with one of the targeted Foreign Powers as required by the Court's Orders, i.e., 
RAS approved. In fact, the majority of telephone identifiers included on the alert list had 
not been RAS approved, although the identifiers were associated with the Foreign Powers 
covered by the Business Records FISA Order. 

(TS//SI//OT) The Telephony Activity Detection Process was turned off at 1 :45 
a.m. on Saturday, 24 January 2009. On Monday, 26 January 2009, the Telephony 
Activity Detection Process was restarted, but without the use of metadata obtained 
pursuant to the Business Records FISA Order. In other words, at present, NSA compares 
telephony metadata obtained pursuant to its EO 12333 SIGINT authorities against a list 
of telephone identifiers that are of interest to NSA's counterterrorism personnel. No 
BR FISA metadata is being used as an input in the Telephony Activity Detection 
Process. 3 

(TS//SI//NF) The shutdown of the Telephony Activity Detection Process was 
done by technical experts assigned to NSA's Technology Directorate (TD) and witnessed 
by representatives from NSA's Signal's Intelligence Directorate (SED). A subsequent 




TOP S E CRE T//C OR IINT//N O F Q RN 
31 August 2009 Production 



75 



TOP SECRET//COMINT//NOFOKN 

demonstration to SID Oversight and Compliance on 27 January 2009, following 
resumption of the Telephony Activity Detection Process using telephony metadata 
obtained pursuant to NSA's EO 12333 SIGINT authorities, confirmed that the system 
was not processing any BR FISA metadata. Tests conducted at that time demonstrated 
that no results of "BRF" (Business Records FISA) type were contained in the system, and 
no internal system processes for alerting on BR FISA metadata were running on the 
system. A sample of alert email notifications was examined and only EO 12333 alerts 
were being produced. Since that time, periodic reviews conducted by NSA's Homeland 
Security Analysis Center (HSAC) Technical Director (at least twice per month) have 
confirmed that the Telephony Activity Detection Process system has continued to 
produce only EO 12333 alerts. 

qj77FPt^ KTh^ Mechanism 

~ (TG//BI//NF ).As previously reported in my declaration filed on 26 February 2009, 
NSA analysts worldng counterterrorism targets had access to a tool known as 




|" to assist them in determining if a telephony identifier of interest was 



present in NSA's EO 12333 SIGINT collection or BR FISA metadata repositories and, if 
so, what the level of calling activity was for that identifier. - Although this tool could be 
used in a stand-alone mariner, it was more frequently invoked by other analytic tools. On 
19 February 2009, NSA confirmed that the | | tool enabled analysts to query the 

BR FISA metadata, as well as metadata obtained from EO 12333 SIGINT collection, 
using telephone identifiers that had not been determined to meet the RAS standard. 

(TS//SI//NF) NSA had previously disabled certain tools designed to perform 
searches against BR FISA metadata in J- ----imm^rf one of the data repositories used to 
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store BR FISA metadata, on 6 February 2009. To prevent additional instances of non- 
compliance in the access to the data within the ^^^^^^J BR FISA contact chaining 

repository by automated tools/processes, including | | 0TL ^ February 2009, 

NSA removed all existing system level Public Key Infrastructure (PKI) certificates that 
afforded these tools/processes access to the BR FISA metadata m [i^mmffiiij 4 A PKI 
system-level certificate is essentially a "ticket" used by the system to recognize and 
authenticate that the automated capability has the authority to access the database. As a 
result of the removal of system level certificates, all automated query capabilities against 
the ^r^ i . ? . i . ? . i . ? . i . ? . i . ? :. ? . fl. [ ^ jR FIS A contact chaining repository were rendered inoperable. 
Removal of the system level certificates was done hv ^tewtitfjj^ technical personnel, 
A subsequent inspection conducted by both ^yyyyuyuuy^ J technical personnel and SID's 
Oversight and Compliance verified that the certificates were no longer on the list of 
authorized BR FISA users. HSAC analysts then subsequently verified that the automated 
processes no longer worked following removal of the certificates. 

" (TG//uLWIF) S ubsequent inspection of the system logs, to include an audit of 
activity from 1 March - 1 June 2009, conducted by SID Oversight & Compliance, 
confirmed that the system level certificates were no longer able to access the BR FISA 
metadata ii ^ J ^ZZlZ BttB! gS| These system logs, which document any person or process 
submitting queries to the( | BR FISA contact chaining repository, indicated 

that only manual queries by individual BR-cleared analysts were performed. These logs 
were then used by SID Oversight & Compliance to audit each analyst's queries of the BR 



4 C S ) MA ■ ' " -^ir** ,jgrn^^wiw^ . discussed below, exists outside of 




and, therefore, was not affected by this remedy. 
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FIS A metadata. Continued periodic review of these logs will confirm that no automated 



a tested and Court-approved capability is brought into operation. 

2T(T§7ySI//NEiImproper Queries of the BR Metadata Repository 
"TOTyf^BQ^lmproper Analyst Queries 

(TS/ZSI/rtiT) M y declaration filed on 26 February 2009 identified and discussed 
queries using non-RAS approved identifiers of the BR FISA metadata by analysts who 
did not realize their queries were reaching into the BR FISA metadata. NSA 
implemented a software modification (the "Emphatic Access Restriction" or "EAR") that 
allows chaining on only those identifiers that have been deter min ed to satsify the RAS 
standard. The EAR is designed to eliminate the possibility of this problem recurring. 

(TS//SI/AJF) As previously reported to the Court, three NSA analysts 
inadvertently performed chaining within the BR FISA metadata using non-RAS approved 
identifiers, To ensure compliance with the Business Record FISA Order's requirement 
that NSA personnel use only RAS-approved identifiers to query the BR FISA metadata, 

NSA made system level changes to the BR FISA B»« ^^ repository (Action 1) that 

is used by analysts to perform contact chaiiun g^g ^^ This software 

restrictive measure, the EAR, ensures queries are employed using only RAS-approved 
identifiers as seeds and prohibits queries made with non-RAS-approved identifiers as 
seeds against the Bu^jwww«»«JR R FISA contact chain in g repository. 3 




processes are gaining access to the BR FISA metadata in 




until such time that 





discussed below, exists outside of I 




and. 



therefore, queries to it are not vetted by the EAR. 
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(TS/m/ft^) ^ *^ was the software tool 

interface used by analysts to manually query the BR FISA chain summaries in 
|&^^^^^ at the time the EAR w T as implemented. The EAR is written into the 
fsmmmBtS^ middleware. 6 As a BR-cleaxed analyst logs into [I i^^J , the 
Authentication Service determines if the user is approved for access to the BR FISA 
metadata. However, before the middleware will execute the query, the EAR requires that 
it access a(|^™"5|J database that contains the disposition of RAS-approved 
identifiers. pTr~ J ~~~~~"j ^ now obtains from HS AC, on an approximately hourly basis, the 
most up-to-date Station Table with the current list of RAS-approved identifiers. (The 
Station Table serves as NSA's definitive list of identifiers that have undergone RAS 
determinations.) Upon obtaining the RAS-approval status of the query "seed," the EAR 
determines whether to allow the middleware to conduct the query or prohibit it. 
Additional "hop" queries will be permitted by EAR as long as the lineage of an identifier 
resolves back to a RAS-approved "seed." As discussed further below, NSA began to 

implement "" J| in late July 2009, which, as an additional middleware software 

restrictive measure, will limit the number of hops permitted from a "seed" to three, in 
accordance with the Court's Orders. As of 31 July 2009, access to fte| pR 
FISA contact chaining repository can only be achieved through use of ^pii^Bgffi 
(discussed below). All prior versions of ^ ^jjjjjjj^J have been locked out from access to 
this data. 



6 (U) Middleware is a general term for any progra mmin g that serves to "glue together" or mediate between 
two separate and usually already existing programs. A co mm on application of middleware is to allow 
programs written for access to a particular database to access other databases. 
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__ (TS//GI//W) To further mitigate the possibility of additional instances of non- 
compliant querying of the BR FISA material, NSA created a software interface (Action 
2) that requires authorized analysts affirmatively to invoke an option (or "opt in") for 
access. This "opt in" measure was designed prior to the end-to-end review to ensure that 
analysts know when they have accessed thej!^g2§|| BR FISA metadata repository. 
As an additional remedy (Action 3) and to ensure queries against the BR FISA metadata 
are evaluated against the most current list of RAS-approved identifiers, NSA now ensures 
rt^^BBS^BB' ^ e s Y stem that is used for contact chaining yjffj^^ 
the BR FISA repository, is updated on an hourly basis with the most current list of RAS- 
approved identifiers from the Station Table. 

(TS/ZOI/fl i fF) The software measures described in Actions 1 and 2 above were 
tested by p 7 .. .. ■TTTi ..g^ technical personnel at the component level via unit tests, a 
methodology used to verify that individual units of source code are working properly. 
Each affected software component was modified as necessary, and then specific tests 
were conducted to ensure the proper operation of that software component For Action 1, 
the test methodology for the EAR software consisted of standard component testing. The 
tests included attempts to query with both approved and non-approved identifiers. 
Queries against approved identifiers ran successfully, while queries against non-approved 
identifiers failed. As the deployment of the EAR was done with urgency to remedy this 
compliance issue, initial testing was conducted over a period of two days. For this 
reason, the full test suite was re-run the week following the EAR's implementation to re- 
verify test results. The testing was judged to be complete and no "bugs" or deficiencies 
were found. For Action 2, the test included attempts to use the approved user interface 
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(which operated correctly) and the prohibited user interfaces (which failed). Action 3 
was tested by verifying receipt of the expected update file on an hourly basis, comparing 
the file sizes of the file-sent and file-received, and automated production of an e-mail 
verifying that the status changes had been applied to the operational system. Following 
testing, the system was demonstrated to show correct operation to TD leadership, 
members of the HSAC, SID Oversight & Compliance, and NSA's Office of General 
Counsel (OGC). Subsequent inspection of system logs, to include an audit of activity 
from 1 March - 1 June 2009, conducted by SID Oversight & Compliance, provided 
additional verification that the system was operating correctly. 

(TS//SLVNF) U.S . Identifiers Designated as RAS-Approved without OGC Review 
_(TS //c n y/ NF) Between 24 May 2006 and 2 February 2009, NSA Homeland 
Mission Coordinators (HMCs) or their predecessors concluded that approximately 3,000 
domestic telephone identifiers reported to Intelligence Community agencies satisfied the 
RAS standard and could be used as seed identifiers. However, at the time these domestic 
telephone identifiers were designated as RAS-approved, NSA's OGC had not reviewed 
and approved their use as "seeds" as required by the Court's Orders. NSA remedied this 
compliance incident by re-designating all such telephone identifiers as non RAS- 
approved for use as seed identifiers in early February 2009. NSA verified that although 
some of the 3,000 domestic identifiers generated alerts as a result of the Telephony 
Activity Detection Process discussed above, none of those alerts resulted in reports to 
Intelligence Co mmu nity agencies. 7 

^T^/mUW). The alerts generated by the Telephony Activity Detection Process did not then and does not 
now, feed the NSA counterterxorism target knowledge database described in Part LA. 3 below. 
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— (TB//SI//NT) Another historic incident of non-compliance, uncovered during the 
end-to-end review, relates to errors made in the process of implementing the initial BR 
FISA Orders in 2006, when a few domestic telephone identifiers were designated as 
RAS-approved and chained without OGC approval due to analyst errors. For example, a 
process error occurred when an analyst inadvertently selected an incorrect option which 
put the domestic telephone identifier into a large list of foreign identifiers which did not 
require OGC approval as part of the RAS approval process. The HMC failed to notice 
the domestic identifier in the large list of foreign identifiers at the time, and once the RAS 
justification was approved, the domestic telephone identifier was chained without having 
first gone through an NS A OGC First Amendment review as required by the BR FISA 
Orders. NSA estimates that this type of analyst error occurred only a few times. Each 
time an error of this type was identified through NSA's quality control regime, senior 
HMCs provided additional guidance and training to analysts, as appropriate, and the 
incorrectly approved identifier was changed to non-RAS approved and then re-submitted 
for proper approval and OGC review. 

fTS/ZSI/^S Vese of Correlated Identifiers to Query the BR FISA Metadata 
, (TS//ST//NTF) The end-to-end review uncovered the fact that NSA's practice of 
using correlated identifiers to query the BR FISA metadata had not been fully described 
to, nor approved by, the Court. An identifier is considered correlated with other 
identifiers when each identifier is shown to identify the same communicant(s). p MMlfei 
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(TS//SI//NF) N SA analysts authorized to query the BR FISA metadata routinely 

i g j to query the BR FISA metadata without a 

separate RAS determination on each correlated identifier. In other words, if there was a 
successful RAS determination made on any one of the identifiers in f ^ | L .,.,;,;,.,.,.,.,;,i_ * j 



correlation! 



and all of the correlated identifier^ 



were considered RAS-approved for purposes of the query because they were all 



associated with fhel 



; correlations from a 



( wmmmm*M - NSA obtained ^ 

variety of sources to include Intelligence Co mmu nity reporting, but the tool that the 
analysts authorized to query the BR FISA metadata primarily used to make correlations is 
1 P.fl BSlHig 
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(TS//3I//I4T) | 
that holds correlation J 
interest, to include results froml 



B»B^^ - a database 
| between identifiers of 
was the primary means by which 



||s 1 1 1 1 ii i iTif J correlated identifiers were used to query the BR FIS A metadata. On 
6 February 2009, prior to the implementation of the EAR, J , ■— — — ^i- j$ 

access to BR FIS A metadata was disabled, preventin g ^fTTTTTff^ ^^^ ^TTTTfft'iJ from 
providing automated correlation results to BR FISA-authorized analysts. In addition, the 
implementation of the EAR on 20 February 2009 ended the practice of treating fBffi 
jftjiAJsl correlations as RAS-approved in manual queries conducted within Bi»mmmW8^ 
since the EAR requires each identifier to be individually RAS-approved prior to it being 
used to query the BR FIS A metadata. NSA ceased the practice of treating pr" " '-' '-' '-' '-' '* m j |j 
correlations as RAS-approved within the ^^^ ^ww^^ 

in conjunction with the March 2009 Court Order. 



(TS//SI7NF) I 



Display Feature Provided 



Information Concerning Contacts of Third-Hop Identifiers 



(TS//SL'/NF) A s discussed abovel 



| is the software tool interface used by 



analysts to manually query the BR FIS A chain summaries inl 



I The latest 



version of I 



as noted above, limits the number of "hops" 
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permitted from a "seed" to three, in accordance with the Court's Orders. During testing 
of the beta version nf ^¥W¥Wff^ and its hop restriction, NSA determined that, despite 
the hop restriction, a feature ™n*ri ^ BHff^^ could 
be invoked to provide an analyst with the number of unique contacts for a third-hop 
identifier, a type of information that would otherwise only be revealed by a fourth hop. 9 
This feature did not return to the analyst any information on the contacts of the last 
selector in a contact chain other than their total number of unique contacts. After 
consultation with NSA OGC ; tfae ^a^iHBjJ feature in the beta version of I 
was disabled for last-hop identifiers. 10 This corrected version of jBWWHHW^ was 
deployed to select users beginning on 23 July 2009. 

- (Try/r!TnTIF)JTir ,-y J4 !^[ feature was not exclusive to the beta version of 
jStTT"* prior versions of^^^^j, since its first delivery beginning in late 
2001/early 2002, provided analysts the P^^ri^ljJ feature. In prior versions of 

Look Ahead was generally the same: if an analyst activated in his 
or her preferences his or her BR FIS A contact cha inin g query results would include the 
number of unique contacts for each returned identifier, including for identifiers in the 
third hop from the RAS-approved seed. 



^^Si^NSA discovered this issue subsequent to finalization of the end to end report. Do J, National Security 
Division (NSD) personnel were notified of the f^£^5^S^^^^T^ feature on 29 July 2009, and 
orally notified Court Advisors on 30 July 2009. The Court was formally notified of this matter with a 
notice filed on 4 August 2009 in accordance with Rule 10(c) of the FISC Rules of Procedure. 
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(TS//SI//HI0 On 24 July 2009, HSAC instructed all persons authorized to query 

the BR FIS A metadata not already using ^.^IlilililS^ to migrate to f ' as soon 

as possible and uninstall all previous versions of the j^mj software. As of 31 July 

2009, access to the f" -*| BR FISA contact chaining repository can only be 
achieved through use of ^*^^"" 8 ^ All prior versions of [v* mM lJ have been locked 

out from access to this data, Following the lock out of all prior ^SBLj versions, the 
system was demonstrated to show correct operation to TD leadership, the Chief HSAC, 
and members of SID's Oversight & Compliance. Should the Court authorize additional 
analysts to query the BR FISA metadata, NSA will ensure that they only do so with 
^mMtMt^M or its successor that likewise does not permit ^ja— ^1 to display the 
number of unique contacts for a third-hop identifier in the BR FISA metadata. 

(TS//SI//NF) N SA identified two common practices used by BR metadata analysts 
that mitigated potential for non-compliance, First, although NSA analysts 
were permitted three hops in the BR FISA metadata from a RAS -approved seed, in 
practice NSA analysts infrequently chained out beyond the second hop. Second, 
^TBgjJ users frequently disablec|g5s3| because its use resulted in slower 
queries. To the extent that [ . 'J'fjjjWKJl was used with BR FISA metadata, NSA has 
concluded, based on discussions withj^jfj users, that the information returned by 
^ nHHug J would not have been disseminated. Instead, J?" ' ' ' '^J ad information was 
used by NSA personnel for target development purposes. The number of unique contacts 
of a third-hop identifier assisted analysts in determining whether the third-hop identifier 
w r as one of genuine interest or not, such as a | | identifier that might be added 

to a defeat list. 
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S.^tnTFOtfe^Jiiiproper Access to or Handling of the BR FISA Metadata 
nrTS//St//NS^ .Data Integrity Analysts 9 Use of BR FISA Metadata 

(TS//SI//EJF) A s part of their Court-authorized function of ensuring BR FISA 
metadata is properly formatted for analysis, Data Integrity Analysts seek to identify 
numbers in the BR FISA metadata that are not associated with specific users, e.g., "high 
volume identifiers." ^m^^^^^^^^^^^^^^^^^^^^^^^^^^^KVVVVVVV^rml 



^^■hi^ NSA 

determined during the end-to-end review that the Data Integrity Analysts' practice of 
populating non-user specific numbers in NSA databases had not been described to the 
Court. 

(TS//SI//E1F) F or example, NSA maintains a database, ^ ZZZZZ" ~ ~ ~ ~ tffl 

which is widely used by analysts and designed to hold identifiers, to include the types of 
non-user specific numbers referenced above, that, based on an analytic judgment, should 
not be tasked to the SIGINT system. In an effort to help minimize the risk of making 
incorrect associations between telephony identifiers and targets, the Data Integrity 
Analysts providect ftpMaiJ included in the BR metadata to jfrMmMM Myy iiiiiiiiiiii m ^ A small 
number of | | BR metadata numbers were stored in a file that was accessible by 

the BR FISA°enabler B?ra|J , a federated query tool that allowed approximately 200 
analysts to obtain as much information as possible about a particular identifier of interest. 
Both |j^wigi^^ and the BR FIS A-enable<^|B3J allowed analysts outside of 

those authorized by the Court to access the non-user specific number lists. 
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--(TSrVSiZ/NFJIn January 2004,| | engineers developed a "defeat list" 

process to identify and remove non-user specific numbers that are deemed to be of little 
analytic value and that strain the system's capacity and decrease its performance. In 
building defeat lists, NSA identified non-user specific numbers in data acquired pursuant 
to the BR FISA Order as well as in data acquired pursuant to EO 12333. Since August 
2008. [ ■ "paaam *1 had also been sending all identifiers on the defeat list to thel 



J^Sd^ff^) While the positive impacts that result in making these numbers 
available to analysts outside of those authorized by the Court seem to be in keeping with 
the spirit of reducing unnecessary telephony collection and minimizing the risk of making 
incorrect associations between telephony identifiers and targets, upon identifying this as 
an area of concern NSA took several remedial actions to end these practices, As of 



2 May 2009, NSA quarantined the BR-derived identifiers onl 



On 



12 May 2009, NSA shut off access to the file containing the small number of BR-derived 

% identifiers by the BR FISA-enabled(5B t0 ° l 0n 1 1 Ma Y 2009, 
| removed eight BR FISA identifiers from its SIGINT-only defeat list. 
JTSJJSifft^F) To verify the technical measures taken were successful, from 1-2 
May 2009, technical personnel segregated and deactivated BR FISA-derived data in 
|ic*™g previously entered by the Data Integrity Analysts. The 



database is hosted in 



database. Each record contains a 



STATUS field that is either set to "ACTIVE" or "DELETE." If the STATUS field is set 
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to "ACTIVE," then the selector is a valid phone number and is being used for a purpose 
of which NSA is not interested; however, the record is available for query by analysts and 
follow-on systems. If the STATUS field is set to "DELETE," then the record is 
unavailable to analysts or other systems. In order to segregate and deactivate the BR 
FISA-derived records, the decision was made to change the STATUS field from 
"ACTIVE" to "DELETE," which means that the number is unavailable to NSA analysts 
or other systems. Due to the volume of entries, a program was written and executed to 
change the status. 

X^^^^Sl^A^ testing the program on a small sampling of data and the test 
results were found to be accurate, the program was executed. Technical personnel 
monitored initial execution and performed a series of tests to validate the results. At the 
completion of program execution, Technical Personnel again performed those tests to 
validate the results. The validation testing was performed three times and results were 
consistent. 

!TS7ySJ//NE)Ljhe Primary Order in docket number BR 09-09 ; dated 9 July 2009, 

now permits NSA to use certain non-user specific numbers and F~Tfiii .ifl identifiers 

for purposes of metadata reduction and management. 
(TS//SI//NF) H andling of BR FISA Metadata 

(TS//SL7NF) T he end-to-end review uncovered that NSA's data protection 
measures were not constructed exactly as the Court Order sets out. Specifically, while 
the Order requires processing of the data to be carried out on "select 5 ' machines using 
"encrypted communications," tiie protections NSA affords the data, though different, are 
quite effective. NSA provides strong and robust physical and security access controls, 
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but there are not specifically designated machines on which the technical personnel are 

required to work nor are the communications encrypted. To accurately reflect NSA's 

data protection measures, NSA worked with the Department of Justice (Do J) to revise the 

orders proposed to and ultimately adopted by the Court in docket number BR 09-06. 

(TS//SI//NF) Data Integrity Analysts sometimes pulled samples of BR metadata 

onto a non- audited group/shared directory to carry out authorized activities. While the 

Data Integrity Analysts are authorized to access the data, they are not authorized to move 

it from the auditable repository into a shared directory where analysts, BR-cleared and 

otherwise, could have viewed the data. This shared folder was in essence a work space in 

which the Data Integrity Analysts could perform their authorized activities. There is, 

however, no reason to believe that analysts, BR-cleared or otherwise, accessed the BR 

metadata through the shared directory: only a small group of non-cleared analysts had 

access to the files on this server and it would have been outside the scope of their duties 

to access the BR metadata samples on the group/shared directory. It is also unlikely that 

any of the cleared analysts would have accessed this data. As an extra safeguard, NSA 

has implemented additional access controls that provide appropriate storage areas for the 

samples of BR FISA metadata used by Data Integrity Analysts for technical purposes. 

(TS//SI//NF) S ystem Developer Access to BR FISA Metadata while Testing New 
Tools 

(Tm/ZSTnT'T) During the review NSA discovered that a group of software 
developers designing a next generation metadata anatysis graphical user interface (GUT), 
fc* - - - - - - - - - - ^w^l (J - - ■ ■ J is the replacement for fcl-^aJ'J and 

uses the same authentication/authorization mechanism as IaiilZJB ), had queried the BR 
FISA metadata 20 times while running tests between September 2008 and February 2009, 
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This access occurred due to the dual responsibilities of the individuals involved. The 

developers on » also have maintenance responsibilities of the 

operational system, | |- where their access to BR FISA is warranted on a 

continual basis. While the actions were in keeping with the Court Orders in place at the 
time of the queries, under the current Court Order the developers will require OGC 
approval prior to engaging in their development and testing activities. 

jT S ■ V g T//> TT 7 ). When this issue surfaced, NSA implemented a software change on 
19 March 2009 to prevent the f l iiiiiiM MM^ GUT from accessing BR FISA 
metadata regardless of the user's access level or the RAS status of the identifier. 11 This 
change was tested b^ FTym^^ developers and ^n*— technical 

personnel via a demonstration that could not be used against 

BR FISA metadata even when a BR FISA-cleared user attempted to do so, NSA also 
implemented an oversight process whereby all BR FISA-authorized technical personnel 
who have both maintenance and development responsibilities have their accesses to BR 
FISA metadata revoked when involved in new systems development, except when 
granted by NSA's OGC on a case-by-case basis. This process will ensure no inadvertent 
access to the data until such time as these technical personnel receive OGC authorization 
to access BR FISA metadata to test technological measures designed to enable 
compliance with the Court Order. SID Oversight & Compliance is notified each time 
anyone's permission to access the BR FISA metadata is changed and tracks these 
changes for compliance purposes. 



, (TS//SI//frnr)-As of 20 February. EAR would have prevented any query made through thd 
TTjrdt^ jGUl that included a no n-RAS -approved identifier. 
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(TS//SI//NF) Ext ernal Access to Unminimized BR FISA Metadata Query Results 
— £ T u //0I//tflr) During the end-to-end review, NSA's Review Team learned that 
analysts from the Central Intelligence Agency (CIA), Federal Bureau of Investigation 
(FBI), and National Counterterrorism Center (NCTC) had access to unminimized BR 
FISA query results via an NS A counterterrorism target knowledge database. This matter 
is discussed in more detail below in Section II. 

4.7TS77SI/7W) Lack of a Shared Understanding of the BR Program 
-fSrVNP) lw --■ - M!.!.!.!.!.!.!.!.!.!.!.!.^ Not Audited Prior to January 2009 
(TS//SI//NF) The end-to-end review surfaced an issue concerning proper auditing 

of the^ ww ^ H In addition to the| | BR FISA 

chaining summary repository in which contact summaries are stored and where the bulk 
of metadata analysis takes place, a separate database, the f""""""""""""""" """"""""""^ 
|f$«fi»^ stores particular fields from each record (as opposed to summaries of those 
records). This database is used regularly by the Data Integrity Analysts but is also 
accessible by other analysts authorized to query the BR FISA metadata. When a report is 
to be issued based on analysis conducted in the repository of contact summaries, analysts 
often verify what they intend to report by accessing the records in this second data 
repository. The end-to-end review uncovered the fact that this second database had not 
been audited. In response, NSA modified the database to enhance its auditability and 
NS A has audited every query made in the database since February 2009 and found no 
indication of improper queries. 12 



1 2 (TS//SI//NF) Although the ftl!!Jt^ - fe^^ suffered a system crash in September 

2008, NSA was ultimately able to recover sufficient data to permit NSA Oversight & Compliance 
personnel to conduct sample audits of queries since the Order's inception. These sample audits revealed no 
unauthorized access to nor improper queries against the BR FISA metadata. 
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(TS//SI//NF) Provider Asserts That Foreign-to-Foreign Metadata Was Provided 
Pursuant to Business Records Court Order 




Section EEL 



B. (U) MINIMIZATION AND OVERSIGHT PROCEDURES 

(TS//SI//NF) In addition to the steps taken to remedy the specific issues identified 
above, NSA plans to institute additional oversight and compliance processes designed to 
ensure that NSA will comply with any order authorizing NSA to resume regular access to 
the BR FISA metadata. 

(TS//SIVNF) Several additional procedures already have been incorporated into 
the Court's Primary Order in docket number BR 09-09. The Primary Order now imposes 
additional access controls for technical personnel In the past, NSA had logged queries to 
the BR metadata by analysts and briefed only those analysts on the authorization granted 
by the Orders. Now, the Orders require NSA to log access to the BR FISA metadata by 
technical personnel as well as by analysts, and to brief technical personnel, as well as 
analysts, on the authorization granted by the Orders. See Primary Order, docket number 
BR 09-09, at 9-10. These tightened controls should provide greater accountability for 
any decision to access the BR FISA metadata and will educate all personnel, particularly 
those who set up the tools and processes for accessing the BR FISA metadata, about the 
rules governing access and use. Additionally, the Primary Order now incorporates 
mechanisms to better ensure that the results of queries to the BR FISA metadata are 
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treated in accordance with the Court's Orders. Specifically, NSA is now providing 
weekly dissemination reports to the Court and analysts not cleared to query the metadata 
are not permitted access to query results before they receive appropriate training. See id. 
at 10-12, 

(TS///SI//N7) T he current Primary Order also incorporates the additional 
oversight procedures first proposed by the government in its application in docket 
number BR 09-01. See id. at 8, 13-14, In general, those additional oversight procedures 
require greater coordination between various NSA components and DoJ's National 
Security Division concerning implementation and interpretation of the Orders. They also 
require that the Court approve the implementation of any automated process involved in 
the querying of the BR FISA metadata. These additional procedures are designed to 
eliminate the risk of incorrect legal interpretations, to ensure timely notice to DoJ and the 
Court of material issues, and to ensure that any automated query process has been tested 
and demonstrated to be compliant with the Orders, and approved by the Court, before 
implementation. 

(TuZ/GIZ/lfl 7 ) N SA will also propose several new min imi zation and oversight 
procedures in the application seeking the renewal of docket number BR 09-09. The 
application will request authority for NSA to resume approving telephone identifiers for 
contact chaining jh.. First, the application will propose that NSA re- 

visit its RAS determinations at certain intervals: at least once every one hundred and 
eighty days for U.S. telephone identifiers or any identifier believed to be used by a U.S. 
person; and at least every year for all other telephone identifiers. This new re- validation 
procedure is designed to ensure that for as long as NSA queries the BR FISA metadata 
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with RAS -approved telephone identifiers, those identifiers will continue to meet the RAS 
standard. Second, the application will propose an express requirement that, where NSA 
has affirmative information that a RAS-approved telephone identifier was, but may not 
presently be, or is, but was not formerly, associated with a Foreign Power, analysis and 
minimization of results of queries using that identifier be informed by that fact. This 
requirement is designed to focus NSA's analysis on the period for which the RAS- 
approved telephone identifier is associated with a Foreign Power. 

(T3//3I//NF) N SA has recently reviewed and revalidated the oversight 
documentation governing the BR FISA. This documentation consists of a set of Standard 
Operating Procedures (SOPs). These SOPs address: access to BR FISA metadata; BR 
FISA audit procedures; compliance notifications; DoJ and NSA OGC spot checks; and 
the respective roles of various NSA personnel involved in oversight and compliance 
activities. 

■^FS^T^Si/ME^LMore recently, NSA's Associate Directorate of Education and 
Training (ADET) has redesigned the BR FISA training package to ensure common and 
expert level proficiency in the rules and procedures governing appropriate handling of the 
BR FISA metadata. ADET, together with NSA OGC and the SID Oversight & 
Compliance organization, has developed and is in the process of implementing a series of 
on-line training modules, complete with competency testing, specifically addressing 
activities conducted with respect to the BR FISA Order. Moreover, an oral competency 
test is currently being administered to each Homeland Mission Coordinator at the 
completion of the training they are currently receiving to ensure they understand the 
restrictions governing access to the BR FISA metadata. 
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— (TS/ZGI^ ' IF ) Should the Court approve the application seeking the renewal of 
docket number BR 09-09 and grant NSA authority to resume approving telephone 

identifiers for contact chaining ^ — y [NSA will update its SOPs and 

training package for the BR FISA to account for the change in authority and the new 
procedures associated with that change. 

-(TQ//GI//OT) NSA has implemented and intends to implement additional software 
restrictions and changes to the BR metadata system architecture. As discussed above, 
NSA implemented a software change, ^^^^^^^ n 2009 to restrict analyst 
queries to the number of hops authorized by the Orders. 13 Furthermore, NSA is 
revamping its baseline system architecture, to include formal system engineering of all 
aspects governing the interaction of analysts and processes. Using principles of system 
engineering, configuration management, and access control, NSA has explored a future 
implementation of the BR FISA program to be used should the Court authorize NSA to 
resume regular access to the BR FISA metadata. This architecture has the potential to 
offer more effective management of the system as a whole, and a team of employees will 
collaborate to manage the entire system. The single approach, providing visibility into 
the overall structure of the system to the entire team, together with the technology 
solutions discussed above, will help prevent an isolated decision to connect a tool or 
process to the BR FISA database. 

(TS/ZSI/flJI 7 ) In addition, requirements from the Court Order will be formally 
translated by NSA into system requirements prior to any changes to the system 

13 IjS^JSA OGC granted apgrova^ordev elopers to access BR FISA metadata for the specific purpose of 
testing and demonstrating K lL<f&i*£gfil 
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architecture, which should prevent problems such as the misunderstanding among 
different personnel as to how the Telephony Activity Detection Process functioned. 
Finally, NSA has recently created the new position of Director of Compliance, reporting 
directly to me and the Deputy Director of NSA. The Director of Compliance has full- 
time responsibility in this area. The Director of Compliance will be responsible for 
continuous modernization and enforcement of our mission compliance strategies and 
activities to ensure their relevance and effectiveness. At the same time, this new position 
will serve as an ongoing reminder of the importance of compliance work, and provide 
greater visibility and transparency in this essential area. 

(TG/ZSI/Ztll 7 ) T he Court entrusted NSA with extraordinary authority, and with it 
came the highest responsibility for compliance and protection of privacy rights. In 
several instances, NSA implemented its authority in a manner inconsistent with the 
Orders, and some of these inconsistencies were not recognized for more than two and a 
half years. These are matters I take very seriously, and the changes NSA has made and 
will make as a result of the end-to-end review, with regard to both analyst access and the 
handling of data, are intended to address them directly and to provide an environment for 
successful implementation and management of the program should the Court decide to 
authorize NSA's resumption of regular access to the BR metadata. The technological 
remedies discussed herein have remedied the identified instances of noncompliance and 
should significantly improve future compliance with the Court's Orders. I attest that each 
of these remedies has been tested and demonstrated to be successful insofar as each 
functions as intended. Although no corrective measures are infallible, I believe that this 
more robust regime and the technological remedies NSA has instituted, particularly the 



TOP SECPJ5T//CQamnr//NOPORN 
31 August 200 §8 Production 



97 



. TOP SFCFET//COaiPJl l //NU^ORi^ 

implementation of the EAR, represent significant steps to reduce the possibility of any 
future compliance issues and to ensure that mechanisms are in place to detect and 
respond quickly if a compliance incident were to occur. 

ii. Trsrmmn pre- jtoe 2009 br fisa dissemination practices 

TrS77S^7WF^hi a 16 June 2009 notice to the Court, the government reported that 
NS A had provided personnel from CIA, FBI, and NCTC access to a database that 
contained, among other things, some un minimized results of BR FISA metadata queries. 
NS A did not make all, or even most, BR FISA query results available via this database. 
Instead, NSA placed only certain BR FISA query results in the database, generally in 
response to specific requests for information received from specially-cleared personnel 
from NSA, CIA, FBI, or NCTC, 

TrSTT'SJ/ZNE^Jn response to this compliance incident, the Court issued an order on 
22 June 2009 which directed NSA to provide the Court with "a full explanation of why 
the government has permitted the dissemination outside NSA of U.S. person information 
without regard to whether such dissemination complied with the clear and acknowledged 
requirements for sharing U.S. person information ... pursuant to the Court's orders" in the 
BR docket. This section responds to the Court's Order for a full explanation of how this 
compliance incident occurred. It also describes actions NSA has taken to investigate and 
remediate the problem. 
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14 -f¥S)-Ihe BR FISA end to end report stated that approximately 200 external analysts were permitted 
access to the database; further investigation revealed that the number is actually closer to approximately 
250. 
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(S//NF) 



(TS//SI//NF) The Court's 2006 BR FISA Order authorized NSA to acquire the 
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15 "t U/; i TOUQ )-Iii contrast, USSID 18 permits NSA to disseminate outside of NSA information identifying 
U.S. persons if the U.S. person information is necessary to understand/o7*ezg77- intelligence or assess its 
importance. USSID IS also permits the Deputy Chief of Information Sharing Services, among others, to 
approve disseminations of U.S. person identifying information. 
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(U) Discovery &nd Response to the Problem 

( TD//DL';Ur) TD June 2009, during the course of NSA's end-to-end review of the 
Agency's implementation of the BR Order, NSA identified as a compliance matter the 



CIA, and NCTC, NSA personnel also determined thai, despite the disabling of the 
hyperlink button in July 2008, external analysts could have continued accessing the 
database if they retained the Uniform Resource Locator (URL) address for the database. 
After this problem was identified on 1 1 June 2009, NSA immediately began terminating 
individual external customer account access to the target knowledge database. NSA 
completed this action by 12 June 2009. 

- (T S //SI^ ' TF) "To determine why this compliance issue occurred, NSA spoke with 
the senior analysts and oversight personnel who were aware of the Court-ordered 
minimization requirements and of how the database was used. These conversations 
revealed NSA personnel generally followed the minimization requirements when the 
Agency issued formal reports based on queries of the metadata acquired pursuant to the 
Court's BR FISA Orders. However, even though the applicability of the minimization 
requirements to the shared database is clear in hindsight, until the issue was discovered 
during NSA's end-to-end review ^ 1 " 



use of the database to make unminimized BR ani 




[uery results available to FBI, 






the new 



dissemination procedures required by the Court's Orders. 
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(T3//3I//NT) S ince identification of this matter, NSA has attempted to determine 
the actual extent of access to the database and/or use of the B J ^agg. iJB 1 ^ ^ a tq ^ s 

part of that effort, the Agency has conducted a detailed audit of log-in activity of external 
analysts from each of the participating organizations. 16 The audit revealed that no 
external analysts accessed the database after January 2009. Prior to that, 



approximately 250 analysts had permission to access the 



database but only about one-third actually did so. Of that number, only approximately 47 
external analysts did more than log in and change their passwords, These approximately 
47 external analysts appear to have queried the database in the course of their 
connterterrorism responsibilities and they accessed directories that contained the results 

o ■ <H " ' L' "jffl BR queries, including unminimized U.S . person-related information. 

[lerived U.S. person information consisted of unmasked telephone 




The BR 



numbers or email addresses that were returned in response to RAS-approved queries 
made of the underlying metadata. 

- (TS//SI//l?T) . In addition to the audits, NSA also asked CIA, FBI, and NCTC to 
describe how their personnel made use of their access to the database. 17 The NCTC 
employees with access to the database reported that they did not make use of any 
unminimized B - ' ' ' ' ' ' jjl 1 1 firv results in any NCTC analytic products. Only two FBI 
analysts accessed this database while researching counterterrorism leads. Several other 




access to the database. 
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FBI analysts believe they may have accessed the database while working closely with a 
team of FBI analysts [FBI Team 10] who were detailed to NSA and working under 
NSA's control, 18 The FBI reported that none of the external FBI analysts published or 
disseminated anything as a result of their access to the database and FBI believes that it is 
"highly unlikely that any FBI-published analytical products or investigative reports ever 
contained this data" from the database. CIA reported that some of its personnel who 
were approved for access to the compartmented counterterrorism program used 
information in the database for lead purposes, to include as a basis for initiating 
coimterterrorism discussions between CIA and FBI personnel. However, CIA's review 

indicated that any information contained in the database, to include fci mjBR 

metadata chaining results, "was used very rarely in finished intelligence products 
produced by CIA analysts for senior policymakers." Instead, information obtained from 
CIA's access to the database was usually used "in conjunction with reporting from other 
intelligence sources." 
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■ (S//SI//NF) M SA has corrected the problem in this specific instance by 
terminating all external access to the database in question. Beyond that, the Agency 
recognizes that the underlying issue is the need to identify all areas of activity that are 
subject to these Court Orders and/ or other legal restrictions and conditions, in order to 
ensure compliance. This requires several elements, including an accurate end-to-end 
picture of how data is handled » by technical (e.g., systems administrators) and 
operational personnel alike - from collection through dissemination; ongoing oversight, 
training, and compliance efforts; and system testing procedures that give assurance that 
data is actually being handled as required. NSA has instituted measures in all these areas, 
as described in detail in the report on the Agency's end-to-end review. In addition, as 
discussed above, NSA has created the new position of Director of Compliance to ensure 
that NSA has a comprehensive and effective compliance program and maintain 
heightened attention in this particular area. NSA continues to work to discover and 
correct any outstanding issues and avoid any recurrence. 

(U) Dissemination of U.S» Person Identifying Information 

(TS//SI//NF) W hen an NSA analyst determines that information identifying a U.S. 
person needs to be included in a report, a designated NSA approving official must 
authorize the release. 19 The Information Sharing Services office is generally the 

^'l S77Si/7 i N¥)-The designated approving official does not make a determination to release U.S. person 
information requested by DoJ or DoD personnel in connection with prudential searches, such as those 
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responsible entity for approving such releases. Within the context of EO 12333 collected 
information, the release authority includes the Chief and Deputy Chief, Information 
Sharing Services, SID Director and Deputy Director, Senior Operations Officer (SOO), 20 
DIRNSA, and Deputy DIRKS A. In the EO 12333 context, the approving authority must 
determine that the information is related to a foreign intelligence purpose, and that the 



U.S. person information is necessary to understand or assess the value of the information. 




NSA followed USSED 18 procedures for the dissemination of U.S. person identities and 
did not appropriately implement the additional requirements identified in the Court orders 
for a determination that the information is related to counterterrorism information. 
Furthermore, NSA did not implement appropriate procedures reflecting the fact that 
individuals other than the Chief, Information Sharing Services were not specifically 
authorized to grant the release of U.S. person information. Although NSA now 
understands the fact that only a limited set of individuals are authorized to approve these 
releases under the Court's authorization, it seemed only appropriate at the time to allow 
her Deputy or those acting in her capacity to be delegated with this authority as well. 

(TS//SI//NF) O n 1 8 June 2009, NSA advised the Office of Information Sharing 
Services that the chief of that office was the only NSA official authorized to approve the 

conducted for criminal or detainee proceedings. In the case of such requests, NSA's Litigation Support 
Team conducts specific prudential searches of NSA holdings but these prudential searches do not include 
or result in queries of the BR FISA metadata. 

20 (G) T he SOO is the Senior Operations Officer, in charge of the National Security Operations Center^ 
NSA's 24/7 operations center, The SOO acts in piace of the DIRNSA, when the DIRNSA is unavailable. 
The Court's Order dated 29 May 2009 recognized that the SOO may approve disseminations for after-hours 
requests. 
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dissemination of any U.S. person identity derived from BR FISA metadata and that the 
chief must make the required findings and document those findings prior to any such 
dissemination. Moreover, on 9 July 2009, in docket number BR 09-09, the Court 
increased the numbers of individuals permitted to approve disseminations to include the 
Chief, Information Sharing Services, the SOO, the SID Director, the Deputy Director of 
NSA, and the Director of NSA. 

ill) Review of Prior Disseminations 

(XS//Si//NFTOn 29 July 2009, members of DoJ/NSD's Office of Intelligence 
Oversight Section completed a review of all BR FISA disseminations containing U.S. 
person identities in order to determine who approved the disseminations and what 
determinations were made, if any, by the approving official. 

jP^//Si//NF) The NSD review identified 280 disseminations of reports containing 
BR FISA-derived U.S. person identities. Of the 280 disseminations, 92 were approved 
by the Chief of Information Sharing Services, 170 were approved by the Deputy Chief of 
Information Sharing Sendees, 15 were approved by a SOO, one was approved by an 
acting Chief of Information Services, and two were approved by an acting Deputy Chief 
of Information Sharing Sendees. The disseminations authorized by persons other than 
the Chief of Information Sharing Services did not occur during any particular time frame. 
Rather, they were distributed throughout the lifespan of the collection. 

JJ^JISIUNF^ 280 disseminations of reports containing BR FISA-derived 
U.S. person identities, 74 were made in 2006, 101 were made in 2007. 95 were made in 
2008, and ten were made in 2009. The waiver forms authorizing each of the 
disseminations in 2006 and 2007, 175 in total, contained no particularized finding 
relating to the purpose of the dissemination. Beginning in July 2008, however, the 
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authorizing waivers contained a general finding that the U.S. person identity was foreign 
intelligence or necessary to understand foreign intelligence. Of the 95 disseminations 
approved in 2008, 82 contained no finding and 13 contained the foreign intelligence 
finding. Beginning in January 2009, the authorizing waiver contained specific 
counterterrorism findings as required by the Court's orders, Eight of the ten waivers 
issued in 2009 contained this finding. The last two disseminations in 2009, one in May 
and one in June, however, had only the more general foreign intelligence finding in the 
waivers. 

(TS//SI//ETF) NSA also reviewed its records of all reports issued that may have 
included BR FISA-derived information, including the records of reports written by 
analysts not specifically authorized to query the BR FISA metadata. 21 NSA did not 
discover any additional reports that were issued by non-BR cleared analysts. 



EEL ^TSt^/NE). NSA'S COLLECTION OF FOREIGN-TO-FOREIGN CALL 
DETAIL RECORDS PURSUANT TO THE BR FISA ORDERS 




— (TSiVGLVNT) T o identify the total number of reports produced and disseminated that contained BR- 
derived information, the NSA reviewed all analyst reporting records, including the records of reports 
written by non-BR-cleared analysts. When drafting reports, all NSA analysts, including both BR-cleared 
analysts and non-BR-cleared analysts, are trained to include in any reporting record the sources of the 
information contained in a report, The NSA's review included an examination of these records, including 
the fields of each record -that might include references to BR-derived source information. The NSA then 
audited the reports that referenced BR-derived information as a source, and excluded those that referenced 
BR sources but in fact that did not contain BR-derived information. Through this methodology the NSA 
was able to determine that 280 were reports were produced and disseminated. Admittedly, this 
methodology would not account for reports issued with BR-derived data that mistakenly failed to reference 
BR sources, 
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was the first indication that NSA had ever received firom^^^^gof its contrary 



understanding. At the May 28, 2009, hearing in docket number BR 09-06, the 
government informed the Court ofteSll J yA\ To address the issue, based on the 
government's proposal, the Court issued a Secondary Order to[^^ff|in docket number 
BR 09-06 that expressly excluded foreign-to-foreign call detail records from the scope of 
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records to be produced. On May 29, 2009, upon service of the Secondary Order in 




almost all of them concern the co mmu nications of non-U. S. persons located outside the 
United States. If NSA were to find that any of the records concerned U.S. persons, their 
dissemination would be governed by the terms of USSID 18 which are the procedures 
established pursuant to EO 12333, as amended. 
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(T3//SI//NT)| 



IV, ITS ^SA'S TREATMENT OF CREDIT CARD DATA CONTAINED IN BR 
EISA METADATA 



(TS77ST/7NF) As first noted in a report to the Court in docket number BR 06-08, 
and noted in footnote 10 in the Application in docket number BR 09-09, a small 



percentage of records received from I 



■contained credit card numbers in 



one of the fields when a caller used a credit card to pay for the call Exhibit B, docket 

■removed credit card 



number BR 06-08, at 6-8. At NSA's request, 
numbers from this field in the records it provided NSA starting on 10 July 2006, and 
1 1 October 2006, respectively. Exhibit B, docket number BR 06-12, at 5-7. Since that 
time, NSA spot checks have confirmed that J 



■continue to remove 
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credit card numbers from the relevant field. Also since that time, NSA spot checks have 
identified only one record containing a credit card number. That record contained a 
credit card number in a field different from the field filtered by |fpg W Iff jWlf §||fi 



NSA identified this record during a spot check in approximately March 2008. 

~(Tu//GLW'JF)-Tlie records containing credit card numbers received before 



iififi 



.... _ _ 

^^^^^flbegan filtering (i.e., records received in October 2006 and before) are stored 



on back-up tapes. 26 Records contained on back-up tapes are not available to analysts for 
queries and are not readily available to technical personnel To destroy the individual 
records that are on back-up tapes would be an extreme resource and system intensive 
endeavor and therefore not feasible. It would require reloading the records from the tapes 
onto servers authorized to process BR metadata, uncompressing tie records, converting 
them to a readable format, identifying those with a field containing a credit card number, 
and then deleting the records. Then NSA would have to test to confirm that only the 
records with credit card numbers were deleted, back-up the records again to tape storage 
and delete them from BR metadata servers. As the back-up tapes are necessary to rebuild 
the contact chaining database in the event of a catastrophic failure, to destroy the tapes 
prematurely would put at risk NSA's ability to recover information important for 
operations and still allowed under the Court Order. In the event of the need to restore the 
I BR FISA contact chaining repository, as the credit card numbers contained 



in those records do not become part of the chain summaries, analysts would still not have 



26 JX^ST/^TF)"These records also are stored in tfo ^gb*JSffijS^ discussed further below, 

where they were masked to analysts, and in the raw call detail record repositories, where they were 
accessible only to technical personnel. See Exhibit B, docket number BR 06-12, at 5-7, and Exhibit B, 
docket number BR 09-09, at 9-10. Analysts are not allowed to have the credit card number unmasked. 
Although these records were used to make chain s umm aries and stored in the chain summary database, the 
credit card numbers contained in the records did not become part of the chain summaries, 
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access to this information. Based on the above information and that the back-up tapes 
will be destroyed upon reaching the end of their authorized retention period, NSA 
considers this information on the back-up tapes secured from user access until their 
required date of destruction. 

1TG//GI//NF) Jhe above records containing credit card information are also stored 

in them J j t [ s nQ i feasible to delete individual records 

rithout deleting all data from 



based on the technical architecture of th\ 
the beginning of the BR FISA orders up to October 2006. The loss of such data would be 
so operationally detrimental that deletion is not feasible. As described in Exhibit B to the 
Application in BR 09-09, NSA's current solution to ensure NSA analysts do not have 
access to this credit card information is masking the data upon retrieval As NSA 
reconstitutes the to S3'stems under a supported 




architecture, the fields containing credit card information will not be included in the data 
transfer and will be purged. 

"XTSZ/SL 1 '/!^ The one record with a credit card number identified by NSA since 
October 2006 exists only in ft U^^p <n^^ J storage of raw call detail records, known as 



the 



tapes are not available to analysts. Likewise, th< 
queries. This record is not stored in the 



and on back-up tapes. As noted above, back-up 
s not accessible to analysts for 
database and was not 




used to build a chain summary because it was an incomplete record. In order to delete 
this single record from the II upon first isolating the appropriate file, NSA would 



have to uncompress the data from the provider's proprietary format, convert the data into 
a readable format, and move the data to a server that hosts the Data Integrity Analysts 5 
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tools to isolate and delete the one record. Removing data on back-up tapes is a difficult 
process as described above. Based on the above information and that the back-up tapes 
will be destroyed upon reaching the end of their authorized retention period^ NSA 
considers this information on the ^rJ ^nd the back-up tapes secured from user access 
until their required date of destruction. 

J^E^SWNFJIji summary, I certify that the overproduced credit card information 
has been destroyed or secured as noted above, and that the records containing 
overproduced credit card information still retained by NSA cannot be accessed by an 
analyst, but as noted above will be destroyed no later than when the records reach the end 
of their authorized retention period. 

V. (V) Conclusion: 

— (TG//uIATIF)"The instances of non-compliance that have been identified in NSA's 
implementation of the Court's orders in the BR docket stemmed from a basic lack of 
shared understanding among the key NSA mission, technical, legal and oversight 
stakeholders concerning the full scope of the BR FISA program. With the remedial steps 
described above, NSA has taken significant steps to reduce the possibility of future 
compliance issues. Further, in moving forward, lessons learned as a result of NSA's 
review of BR FISA practices will be institutionalized, and we will remain constantly 
vigilant in ensuring that we are in strict compliance with the Court's orders. Although no 
corrective measures are infallible, NSA has taken significant steps to reduce the 
possibility of any future compliance issues and to ensure that the mechanisms are in place 
to detect and respond quickly if a compliance incident were to occur. Therefore, I am 
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hopeful the Court will again grant NS A regular access to the BR FISA metadata, which I 
believe is invaluable in helping the Nation detect and thwart potential terrorist threats. 

(U) I declare under penalty of perjury that the facts set forth above are true and 

correct. 



KEITH B. ALEXANDER 
Lieutenant General, U.S, Army 
Director. National Security Agency 
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IN RE APPLICATION OF THE FEDERAL 
BUREAU OF INVESTIGATION FOR AN 
ORDER REQUIRING THE PRODUCTION 




Docket Number: BR 09-09 



DECLARATION OF LIEUTENANT GENERAL KEITH B. ALEXANDER, 

UNITED STATES ARMY, 
DIRECTOR OF THE NATIONAL SECURITY AGENCY 



(U) I, Lieutenant General Keith B. Alexander, depose and state as follows: 



(U) I am the Director of the National Security Agency ("NSA" or "Agency"), an 
intelligence agency within the Department of Defense ("DoD"). and have served in this 
position since 2005. I currently hold the rank of Lieutenant General in the United States 
Army and. concurrent with my current assignment as Director of the National Security 
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Agency, I also serve as the Chief of the Central Security Service and as the Commander 
of the Joint Functional Component Command for Network Warfare. Prior to my current 
assignment, I have held other senior supervisory positions as an officer of the United 
States military, to include service as the Deputy Chief of Staff (DCS, G-2), Headquarters, 
Department of the Army; Commander of the U.S. Army's Intelligence and Security 
Command; and the Director of Intelligence 5 United States Central Command. 

(U) As the Director of the National Security Agency, I am responsible for 
directing and overseeing all aspects of NSA's cryptologic mission, which consists of 
three functions: to engage in signals intelligence ("SIGINT") activities for the U.S. 
Government, to include support to the Government's computer network attack activities; 
to conduct activities concerning the security of U.S. national security telecommunications 
and information systems; and to conduct operations security training for the U.S. 
Government. .Some of the information NSA acquires as part of its SIGINT mission is 
collected pursuant to Orders issued under the Foreign Intelligence Surveillance Act of 
1978, as amended ("FISA"). 

(U) The statements herein are based upon my personal knowledge, information 
provided to me by my subordinates in the course of my official duties, advice of counsel, 
and conclusions reached in accordance therewith. 
(U) L introdiietiQEE 

(TS//SIWF) Pursuant to a series of Orders issued by the Foreign Intelligence 
Surveillance Court ("FISC" or "Court") beginning in May 2006, NSA has been receiving 
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and analyzing certain call detail records or telephony metadata from [fS 



telecommunications providers. NSA refers to the Orders collectively as the "Business 
Records Order" or "BR FISA " The telephony metadata NSA receives via the BR FIS A 
has enabled it in the past to discover and 
unknown persons in the United States and abroad affiliated with |[<gj; 1 1 T«gSjg 



and unknown persons in the United States and abroad affiliated witb BSiS^^^^^ 

their comimmications 5 and act upon and 
disseminate such information to support the efforts of the United States Government, 
including the Federal Bureau of Investigation (FBI), to. detect and prevent terrorist acts 
against the United States and U.S. interests. Continued receipt of the telephony metadata 
is advantageous to NSA's ability to continue its efforts to discover such terrorist 
organizations and their communications, in order to assist the FBI in detecting, 
investigating and preventing terrorist acts against the United States. Accordingly, this 
declaration is intended to provide the Court with my assessment of the value that the 
BR FISA metadata provides to the NSA and the FBI with respect to the Government's 
national security responsibilities for the detection, investigation, and prevention of 
terrorist activities by B",^*"*" 1 ^ fjf 



(S) " Call detail records" or "telephony metadata " include comprehensive communications routing 
information, including but not limited to session identifying information (e.g., originating and terminating 
telephone number, international Mobile Subscriber Identity (IMS!) numbers, International Mobile station 
Equipment Identity (IMEI) numbers, etc.), trunk identifier, telephone calling card numbers, and time and 
duration of call. A "trunk" is a communication line between two switching systems. Newton 's Telecom 
Dictionary 95 1 (24th ed. 2008). Telephony metadata does not include the substantive content of any 
communication or the name, address, or financial information of a subscriber or customer. 
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collectively, the "Foreign 



Powers"). 



£FS>- II. Value of BR FISA Metadata 



- (T5//DL/?iT> -The BR FISA provides access to bulk call detail records which 
primarily include records of telephone calls that either have one end in the United States 
or are purely domestic. This collection of information is not available to NSA through its 
other authorized foreign intelligence information collections. 2 This data has value to 
NSA analysts tasked with identifying potential threats to the U.S. homeland and U.S. 
interests abroad by enhancing their ability to identify, prioritize, and track terrorist 
operatives and their support networks both in the U.S. and abroad. By applying the 
Court-ordered "reasonable, articulable suspicion 55 or "RAS" standard to telephone 
identifiers 3 used to query the BR FISA metadata, NSA analysts are able to; (i) detect 
domestic identifiers calling foreign identifiers associated with one of the Foreign Powers 
and discover who the foreign identifiers are in contact with; (ii) detect foreign identifiers 
associated with a Foreign Power calling into the United States and discover which 



(TG//CL7NF)- For example, NSA obtains foreign intelligence information from its collection of overseas 
communications (SIGINT collection) authorized by Executive Order (EO) 12333, traditional Court- 
authorized electronic surveillance pursuant to Titles I and HI of FISA, Pen Register and Trap and Trace 
surveillance authorized pursuant to Title IY of FISA, and, more recently, the targeting of non-United States 
persons reasonably believed to be located overseas pursuant to Section 702 of the FISA Amendments Act 
of 2008 (FAA). "None of these authorities would allow NSA to replicate, or appropriately analyze, the call 
detail records it receives pursuant to the BR FISA. 

■ 3 (TS//SI//NF) In the context of this Declaration, the term "identifier" means a telephone number, as that 
term is commonly understood and used, as well as other unique identifiers associated with a particular user 
or telecommunications device for purposes of billing and/or routing communications, such as International 
Mobile Subscriber Identity (IMSI) numbers, International Mobile station Equipment Identity (IMEI) 
numbers, and calling card numbers. 
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domestic identifiers are in contact with the foreign identifiers; and (iii) detect possible 
terrorist-related comm.unications occurring between communicants located inside the 
United States, 

— (T3//SF/NI 7 ) Although NS A possesses a number of sources of information that can 
each be used to provide separate and independent indications of potential terrorist activity 
against the United States and its interests abroad, the best analysis occurs when NSA 
analysts can consider the information obtained from each of those sources together to 
compile and disseminate to the FBI as complete a picture as possible of a potential 
terrorist threat. Although BR FISA metadata is not the sole source available to NSA 
counterterrorism personnel, it provides a key component of the information NSA analysts 
rely upon to execute this threat identification and characterization role. 

A. The Valine of BR FISA Metadata: Contact-Chaining ^a ^~ " " ? 
(TS/ZSiy/Ffl 7 ) T he primary advantage of metadata analysis as applied to telephony 

metadata is that it enables the Government to analyze past connections and patterns of 

communication, The ability to accumulate metadata substantially increases NSA's 

ability to detect and identify persons affiliated with the Foreign Powers. Specifically, the 

NSA performs fc_„ ™ ^ queries on the metadata: contact-chaining JHBB 



"TT3//G T'"NF)-Wlien the NSA performs a contact-chaining query on a terrorist- 
associated telephone identifier] 

identify the further contacts made by that first tier 
of contacts. In addition, the same process can be used to identify additional tiers of 
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contacts, out to a maximum of three "hops" from the original identifier, as authorized by 
the Business Records Order. The collected metadata thus holds contact information that 
can be immediately accessed as new terrorist-associated telephone identifiers are 
identified. Multi-tiered contact chaining identifies not only the terrorist's direct 
associates but also indirect associates, and, therefore provides a more complete picture of 
those who associate with terrorists and/or are engaged in terrorist activities. 

(TS//GI//NF) One advantage of the metadata collected in this matter is that it is 
historical in nature, reflecting contact activity from the past that cannot be captured in the 
present or prospectively, To the extent that historical connections are important to 
understanding a newly-identified target, metadata may contain links that are unique, 
pointing to potential targets that may otherwise be missed. 
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■(TS//SD-JT) In sum, the BR FISA metadata analysis enriches the NSA analysts' 
understanding of the communications tradecraft of terrorist operatives who may be 
preparing to conduct attacks against the U.S. Terrorist operatives often take affirmative 
and intentional steps to disguise and obscure their communications. They do this by 
using a variety of tactics. 
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^C^) B. Fitting the Gaps: BR FISA Metadata in the Context of Other Coliectioas 

''iTStfStffiW^Q BR FISA metadata complements information NSA collects via 
other means and is a valuable, if not the only, means available to NSA for linking 
possible terrorist-related telephone communications that occur between communicants 
based solely inside the U.S. NSA analysts use the combination of telephony metadata 
and communications content collected pursuant to EO 12333 and/or Court-authorized 
electronic surveillance in concert with BR FISA metadata to develop an accurate 
characterization of individual/network activity; potentially derive the intent of the 
individual(s) or network; and learn of new terrorist networks or cells working inside the 
U.S. NSA's access to the BR FISA metadata improves the likelihood of the Government 
being able to detect terrorist cell contacts within the U.S. 

"lTS7ySi#^^ traditional SIGJNT collection, which focuses strictly on the 
foreign end of communications, provides limited signals-related information available to 
aid analysts in identifying possible terrorist connections emanating from or within the 
U.S. Collection authorized by Section 702 of the FAA is limited to the targeting of non- 
United States persons located overseas and does not provide NSA with information 
sufficient to support contact chainin ^^^^^^^^^^^^J rraditional Court-authorized 
electronic surveillance does not make available the full extent of metadata resident with 
the service providers and provided through the BR FISA. With the metadata provided 
by BR FISA, NSA has the information necessary to perform call chaining fcWWfflfflTC^S 
ff — ^ This analysis enables NSA to obtain a fuller understanding of the target and 
provide FBI with a more complete picture of possible terrorist-related activity occurring 
inside the U.S. 
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7TS//S^E3Ljhe value of the BR FISA is not hypothetical. Additional detail 
available in call data records (CDRs) allows NSA to recognize that a communicant is 
based in the U.S., a detail often absent in traditional SIGINT collection. Unlike 
traditional SIGINT collection, BR FISA CDRs include the calling party number in a call 
that originates from the United States. From telecommunications provider's perspective, 
only the called number is necessary to complete a call The originating, or calling, 
number is not required and 5 as unnecessary data, is often removed or manipulated by the 
U.S. telecommunications provider before leaving the U.S en route to an overseas 
provider. If the calling party information is present, it can be used by other 
telecommunication providers to understand macro traffic statistics and identify important 
business opportunities. For this reason, U.S. -origin calls collected overseas often lack a 
valid U.S. calling party number, making it difficult or impossible to identify that a 
particular call originated in the U.S. 

^(Tsr/Si^^ In illustration, prior to the attacks of 9/1 1, NSA intercepted via its 
overseas SIGINT collection and transcribed seven (7) calls made by hijacker Khalid al- 
Mihdhar, then living in San Diego, California, to a telephone identifier associated with an 
al Qaeda safe house in Yemen. However, the NSA SIGINT intercept was collected 
through an access point overseas and the calling party identifier was not available 
because it had not been transmitted with the call. Lacking this U.S. phone identifier and 
having nothing in the content of the calls to suggest that al-Mihdhar was actually inside 
the United States, NSA analysts concluded that al-Mihdhar remained overseas when, in 
fact, he. was in San Diego. The BR FISA metadata addresses the information gap that 
existed at the time of the al-Mihdhar case. It potentially allows NSA to note these types 
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of suspicious contacts and, when appropriate, to tip them to the FBI for follow-on 
analysis or action. 

(TS//SI//MF) O nce an identifier has been detected, NSA can use BR FIS A 
metadata along with other data sources to quickly identify the larger network and 
possible co -conspirators both inside and outside the U.S. for further investigation by the 
FBI with the goal of preventing future attacks. One recent example of BR FISA's 
contribution to characterizing a network of interest was the investigation referred to 



within NSA and FBI B ^g^fgf^ 



fgrabegan in January 2009. NSA 



(TS//SI//1JF) N SA's involvement with! 
analysts were following a foreign-based e-mail identifier associated with an al Qaeda 
facilitation cell in Yemen, an activity of significance due to U.S. Government concern 
with Yemen's potential to serve as an al Qaeda safe haven. This particular e-mail 
identifier was tasked under FAA authorities while numerous other network identifiers 
were monitored through EO 12333 authorities. B ^ftftftftftftftftggggggBBggBggBBgggBggggBtfuuuuui!^ 




pon 



verification. NSA E l ^^^^^^^™^ ^M^^ ^^ M Bi^^ ^^^^MBM^^^^BMHB6 

I^iiiiiiiiiiiiiiiiib^ as permitted by the Court-approved minimization procedures for NSA' s 
FAA collection, informed the FBI of the U.S. location of the identifiers. Upon receipt of 
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the NSA information, the FBI initiated a full field investigation and sought its own FISA 
coverage on the newly-discovered domestic links. 

t¥S#&WNE) NSA used the BR FISA metadata to aid the FBI investigation by 
adding critical insight into the network's functions and intent. Analysis of the BR FISA 
metadata demonstrated foreign contacts within the suspected network stretching from 
Kansas City to New York, the United Arab Emirates, Yemen and Denmark. While BR 
FISA did not discover the person of interest in Kansas City, the telephony metadata was 
able to confirm suspicions that the FBI already had about him. It confirmed the target's 
outbound contacts with other members of the network and provided a better 
understanding of the network. This characterization would not have happened without 
leveraging both the BR FISA metadata and the FAA access in conjunction with FBI's 
investigation. 

important resource for investigating threat leads obtained from other SIGINT collection 
or partner agencies. This is especially true for the NSA-FBI partnership. The BR FISA 
metadata enables NSA analysts to evaluate potential threats that it receives from or 
reports to the FBI in a more complete manner than if this data. source was unavailable. 
Even the absence of terrorist-related contacts in the BR FISA metadata can be valuable, 
because such "negative reporting" helps to assess the credibility of a prospective threat. 

^TSy/SiZ/NE) A final benefit of the way in which BR FISA metadata complements 
other counterterrorist- related collection sources is by serving as a significant enabler for 
NSA intelligence analysis. It assists NSA in applying limited linguistic resources 
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||||pxample illustrates, BR FISA metadata is an 



available to the counterterrorism problem against links that have the highest probability 
of connection to terrorist targets. Put another way, analysis of the BR FISA metadata can 
help NSA prioritize for content analysis communications which it acquires under other 
authorities. While ^ B ' ™^™ ' '"^ assists in identifying terrorist communications of 
interest, content exploitation is required to achieve a full understanding and 
characterization of the associations between the telephony identifiers and users. 
Additionally, content is critical to deriving intent of the individuals and associated 
networks. BR FISA metadata is an important piece for steering and applying content 
analysis so the U.S. Government can gain the best possible understanding of terrorist 
target actions and intentions. 



(U) C. Statistics/Additional Examples 

(TG/ZGL^TF) The foregoing discussion is not hypothetical, As noted on page seven 
of NSA' s end-to-end report on the Agency's implementation of the Business Records 
Order, between inception of the first Business Records Order in May 2006, and May 
2009, NSA issued 277 5 BR FISA-based reports to FBI and, if appropriate, to .other NSA 
customers. These reports tipped to the FBI roughly 2,900 identifiers that were noted to 




(TS//SI//NF) The number of reports included in my Declaration of 13 February 2009 was 275. This was 
based upon information gathered on 6 February 2009. Further review has taken into account the fact that 
an additional report was issued after 6 February, but before 13 February. Some of these reports had been 
cancelled for various reasons and some of the cancelled reports were reissued with corrections. Therefore, 
the correct number of unique reports as of the 1 3 February 2009 declaration should have been 274. My 
Declaration also stated that there were 2,549 selectors tipped in these reports. The actual number of 
selectors tipped in the 274 reports is 2.888. 
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~XTS7/SWNF)-A recent illustration of the use of the BR FISA metadata can be found 
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(TS//0I//14T) I n an even more recent example, on 2 June 2009 NSA received a 
request for information from the FBI pertaining to leads associated with 




NSA conducted initial research on the identifiers provided by the FBI in EO 12333 
metadata and subsequently sought approval from the FISC to query the identifiers against 
the BR FISA metadata. I ftiiii^ 




Without the 



BR FISA metadata, a significant number of those leads would have remained 



undiscovered and NSA's ability to evaluate jU.S. contacts would have been 

degraded. 
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(U) IV, Conclusion 

n(TD//SLWTr ) In conclusion, while all metadata analysis is essential in the fight 
against terrorism, the BR FIS A metadata provides NSA with additional information 
readily available through the providers, but which would be otherwise unavailable to 
NSA. The BR FISA metadata complements and enriches NSA analysts' understanding 
of the target and provides the capability to detect domestic identifiers calling foreign 
terrorist identifiers abroad; foreign terrorist-associated targets calling into the United 
States; and possible terrorist-related communications occurring between communicants 
solely in the U.S. That the BR FISA metadata is generating what may be perceived as 
little foreign intelligence in comparison with the volume of the data collected does not 
discount its value to NSA's analysis of potential terrorist threats to the U.S. and to NSA's 
ability to provide security for the nation. NSA's access to the BR FISA metadata 
addresses a key gap in the Intelligence Community's ability to connect foreign and 
domestic threat-related information and tip this information for appropriate follow-up 
investigation. 
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(U) I declare under penalty of perjury that the facts set forth above are true and 



correct. 




KEITtfB. ALE) 
Lieutenant General, U.S. Army 
Director, National Security Agency 



Executed this 3^ day of /Ul^*^^ 2009 



U 



16 



top SEXXEZZZa^M Il^ZNQHJ^ 
31 August 2009 Product i on 



136 



-to r;-: 17 Pn * 16 
UNITED STATES . ... . , -r 

FOREIGN INTELLIGENCE SURVEILLANCE COURT 

WASHINGTON, D.C 



IN RE APPLICATION OF THE FEDERAL 
BUREAU OF INVESTIGATION FOR AN 




Docket No.: 3R 09-09 



AFFIDAVIT OF ROBERT S. MUELLER, III 



I, F.obert S. Mueller, UL hereby affirm the following: 

(U) I am the Director of the Federal Bureau of Investigation (FBI).. United States 
Department of Justice (DOJ). a component of an Executive Department of the United 
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States Government (USG). I am responsible for, among other things, the national 
security operations of the FBI, including the FBI's Counterterrorism Division (CTD). 

(U) The matters stated herein are based upon my personal knowledge, my review 
and consideration of documents and information available to me in my official capacity, 
information furnished by the National Security Agency (NSA) and information famished 
by Special Agents and other employees of the FBI, 



(U) Purpose of the Affidavit 
"^57 t 7 £ N5^J/his affidavit is submitted in response to the Court's Orders dated March 
2, March 5, May 29, and July 9 3 2009 (Orders). It describes the FBI's assessment of the 
value of the Business Records FIS A (BR FISA) metadata to FBI national security 
investigations and, more broadly, to the national security of the United States. 



(IT) Relevance to Authorized Investigations 

^StVJ^F) | r • ; ; ; ; ; ; ; 1 ^Ifff^^ unknown persons in 

the United States and abroad affiliated with JaBBBBBBBWWWWWWWjf^ 

y+'fl are the subject of numerous FBI predicated investigations being conducted 
under guidelines approved by the Attorney General pursuant to Executive Order 12333, 
as amended. As of August 10. 2009, the FBI had approximately | | open predicated 
investigations 1 targeting BmJBBM JtflflflM^^ 



1 (U) Predicated investigations are either full investigations or preliminary investigations. A full 
investigation may be initiated if there is an articulable factual basis for the investigation that 
reasonably indicates, inter alia, that a threat to the national security has or may have occurred, is 
or may be occurring, or will or may occur and the investigation may obtain information relating 
to the activity or the involvement or role of an individual, group, or organization in such activity. 
A preliminary investigation may be initiated on the basis of information or an allegation 
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guidelines the Attorney General has approved pursuant to Executive Order 12333. as 
amended. 

(TS/SI//NF) The National Security Agency (NSA) has issued and is expected to 
continue to issue to the FBI BR FISA metadata "tippers" regarding telephone numbers 
that are associated un>^M i ^ nT ^iiiii^^ 



targets of FBI investigations. The tippers provide information regarding contacts 
between these foreign telephone numbers and domestic telephone numbers. NSA 
identifies the assessed users of the foreign telephone numbers, the dates of contact 
between the foreign telephone numbers and the domestic telephone numbers, and any 
additional information, e.g.. foreign telephone number's country of origin, domestic 
telephone number's city and state, etc.. that NSA may have regarding the telephone 
numbers. 

^JSSS¥r ¥Bl Processing of BR FISA Metadata Reports 
j£Z£fc4?)-FBI employees from the Counterterrorism Division's (CTD) 
Communications Analysis Unit (CAU) are detailed full-time to the NSA ! s Homeland 

indicating, inter alia, that a threat to the national security has or may have occurred, is or may be 
occurring, or will or may occur and the investigation may obtain information relating to the 
activity or the involvement or role of an individual, group, or organization in such activity. 
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Security .Analysis Center (HSAC). These detailees, known as 'Team 10 f ;i consist of a 
Supervisory Special Agent and several Intelligence Analysts. Team 10's chief 
responsibility is to identify and initially process domestic information contained in 
reports disseminated to the FBI from HSAC. 2 Upon receiving an HSAC report, Team 10 
queries FBI databases to determine whether the FBI already has information about any of 
the domestic facilities contained in the report. Team 10 then transmits the NSA 
information together with additional analysis based on any information already known to 
the FBI to the appropriate FBI field offices. Team 10 also recommends subsequent 
investigation to the field office, 



~(TG//GL'V1\TF}- The FBI derives value from the BR FIS A metadata primarily in two 
ways. First BR FISA metadata provides information that assists the FBI in detecting, 
preventing, and protecting against terrorist threats to the national security of the United 
States by providing the predication to open investigations, advance pending 
investigations, and revitalize stalled investigations. Second, metadata obtained via the 
BR FISA. can provide warning signals that alert the FBI to individuals who are inside the 
United States and axe linked to persons who pose a threat to the national security. 

^5&£iXj* BR FISA Metadata as Additional Information 

- (S//SI) T he FBI is authorized, inter alia, to collect intelligence and to conduct 
investigations to detect, obtain information about, and prevent and protect against 

HS^Ej^iSAC reports include BR FISA metadata "tippers." 




(S//SI) Value of BR FISA Metadata to FBI investigations 
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terrorist threats to national security. The more information the FBI has regarding such 
threats to the national security, the more likely it will be able to prevent and protect 
agaiiist those threats. The BR FISA metadata program is a source of information that the 
FBI uses in its mission to detect, prevent, and protect against terrorist threats to national 
security. The oft-used metaphor is that the FBI is responsible for ''connecting the dots' 5 
to form a picture of the threats to national security. BR FISA metadata provides 
additional "dots" that the FBI uses to ascertain the nature and extent of domestic threats 
to the national security. 



(5#SQ ^ certa in circumstances, the FBI may already have an investigative 
interest in a particular domestic telephone number prior to receipt of a BR FISA metadata 
tipper containing that domestic telephone number. Nevertheless, the tipper may be 
valuable if it provides new information regarding the domestic telephone number that 
revitalizes the investigation or otherwise allows the FBI to focus its resources more 
efficiently and effectively. 

"H£S#SI^The FBI has received BR FISA metadata tippers containing information 
not previously known to the FBI about domestic telephone numbers utilized by targets of 
pending preliminary investigations, The information from the BR FISA metadata tippers 
has. provided articulable factual bases to believe that the subjects posed a threat to the 
national security such that the preliminary investigations could be converted to full 
investigations, which, in turn, led the FBI to focus resources on those targets." 1 The FBI 
has also re-opened previously closed investigations based on information contained in 

J (U) Because there is greater predication for a full investigation (an articulable factual basis to 
believe the subject poses a threat to the national security) than for a preliminary investigation 
(information or allegation that the subject is or may be a threat to the national security), the FBI 
tends to focus more resources on mil investigations than preliminary investigations. 
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BR FIS A metadata tippers. In those instances, the FBI had previously exhausted all leads 
and concluded that no further investigation was warranted. The new information from 
the BR FISA metadata tippers was significant enough to warrant the re-opening of the 
investigations. 

(S//NF) P rovided below are two examples of investigations |^^^^^^^flstj| 



| Ifjthat were re-opened because of new information provided 



by a BR FlSA metadata tipper. 



■^S/ZSIXJI. BR FISA Metadata Analysis as an "Early Warning System" 

(S//SI) The earlier the FBI obtains information about a threat to national security, 
the more likely it will be able to prevent and protect against those threats. The BR FISA 
metadata program sometimes provides information earlier than the FBI's other 
investigative methods .and techniques. To use the oft-used metaphor, BR FISA, metadata 
sometimes provides "dots" that the FBI may not otherwise have uncovered until much 
later in its investigation. In those instances, the BR FISA metadata program acts as an 
"early warning system" of potential threats against national -security. 

(S//SI) In certain circumstances, the FBI may receive a BR FISA metadata tipper 
containing information regarding a domestic telephone number that the FBI inevitably 
would have discovered via other investigative techniques. Nevertheless, that tipper is 
valuable because it provides information earlier than the FBI would otherwise have 
obtained it. Earlier receipt of the information may advance the investigation and could 
contribute to the FBI preventing or protecting against a threat to national security 7 that 
absent the BR FISA metadata tipper, the FBI could not. 
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""^STy-S^JThe FBI has also received BR F1S A metadata tippers regarding domestic 
telephone numbers in which the FBI had little or no prior investigative interest at the time 
the tipper was received. In those instances, tire FBI opened either a preliminary or a full 
investigation of the user of the domestic telephone number. Here again, although the FBI 
may have inevitably developed an investigative interest in these domestic telephone 
numbers, it Is impossible to say when that would have occurred or whether it would have 
occurred too late to prevent or protect against a terrorist attack. 

"X&i^I)^ Provided below are two examples of preliminary investigations^^^^^ 

FISA metadata tippers. In both cases, the investigations were eventually converted to full 
investigations based on information developed by the FBI. thus demonstrating the value 
of the BP. FISA metadata information. 



(U) III. Statistical laformatioB Pertaining to Full Investigations 

(TS//SI//NF) One method of quantifying the value of the BR FISA metadata to 
the FBI's efforts to protect the nation's security is the number of predicated fall 
investigations that the FBI has opened or supported using BR FISA metadata provided by 
theNSA 4 Full investigations opened based on BR FISA metadata tippers illustrate the 
value of the BR FISA. metadata in assisting the FBI to identify previously unknown 
connections berween persons in the United States and | 

I Similarly, 




* -(S//}Jr) ' f ull investigations are typically more significant and fruitful than preliminary 
investigations. I will, therefore, limit the information discussed in this affidavit to full 
investigations that were predicated, in whole or part, or assisted by BR FISA metadata. 
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the number of preliminary investigations converted to full investigations illustrates the 
importance of the BR FISA metadata in assisting the FBI to develop suspected 
connections between persons in the United States and||| 



(S//NF) B elow is a chart containing statistical information pertaining to 
investigations that were opened as fall investigations or converted from preliminary 
investigations to full investigations based, at least in part, on information from BR FISA 
metadata since the Court first authorized the BR FISA order in 2006 through 2008, 
These statistics show that the BR FISA metadata's contribution to FBI investigations is 
not insignificant This chart includes (1) the total number of full investigations that are 
predicated, at least in part, on BR FISA metadata;" (2) the number of Intelligence 
Information Reports (IIRs) issued to foreign partners from these full investigations; and 
(3) the number of IIRs issued to other U.S. government agencies from these full 
investigations. 



3 (S//NF) The FBI's statistics include investigations that were (1) opened as full investigations 
based, at least in part, on BR FISA metadata, and (2) preliminary investigations that were 
converted to full investigations based, at least in part, on BR FISA metadata. These statistics are 
limited to investigations that are connected directly to BR FISA metadata tippers, BR FISA 
metadata tippers have also indirectly contributed to the predication for other investigations. For 
example, information obtained during the full investigation of^^^^^^^^^^^^| discussed 
below, led the FBI to open preliminary investigations of others suspected of engaging in similar 
activities. This affidavit is limited to investigations based directly., at least in part on BR FISA 
metadata. 
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Year 


Full Investigations 
Opened/Preliminary 
Investigations 
Converted to Full 
Investigations 


Intelligence 
Information Reports 
(URs) Issued to 
Foreign Partners 


IIRs issued to Other 
U.S. Government 
Agencies 


2006 


3 


1 




2007 


9 


6 


8 


2008 


15 


24° 


35 


Total 


27 


31 


46 



(S//SI) During the 27 full investigations that were based, at least in part, on BR 



F.ISA metadata tippers, the FBI has found and identified known and unknown members 




information NS A has tipped to the FBI has also permitted FBI to acquire additional 



information about such individuals and their activities, including criminal activities in 
support of international terrorism. 



(U) IY. Specific Examples of Noteworthy Fall Isvestigatioas 

(S//GI) T o illustrate the value of the BR FISA metadata program to the FBI, four 
(4) full investigations that were predicated, at least in part, on BR FISA metadata tippers 
are summarized below. 



~ ^S/jQ^F) Because certain IIRs were issued to multiple countries, the FBI issued a total of 5 1 
IIRs to foreign partners. 
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-(S) On or about | 



le FBI opened a preliminary investigation of 
a U.S. person, based on an anonymous letter alleging 
that he and eight others had ties to the Muslim extremist organizatioi ^ yy^iiiiiiiiiiiiu U ]j | 

|After pursuing all available leads, the FBI closed the preliminary 
investigation on pjggp jggj. because it had not developed any evidence tending to 
show that^^^^was, in fact, affiliated witt^^Bj^ 

(TD//SL7DC/yW) On or about fc-™u.5^tr~ -r J ? the FBI received an intelligence 



established a 



report from the NSA that included information and contact chaining analysis conducted 
on data obtained through the BR FIS A order ("metadata report"). The metadata report 

action between a| | telephone known to be used by 

~ J -based extremist with ties to fr* --------------------------------^I3Bi 

an unlisted [fr ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■^■^■■■■■■■■■■■■■■■■■■■■^ telephone number. 7 The 
| Division opened a preliminary 7 investigation of the unknown user of the 
telephone number based upon the information contained in the metadata report 








FBI's 











and information contained in FBFs databases that telephone number 



linked to 



| other pending FBI investigations.' 



'' (S//NF) The metadata tipper established thatjjfc ISSyj telephone was in contact with 

another BEfejtig ^jS B telephone. That second KLSlH cellular telephone was in contact with 



e tS) Most notably, prior to 
investigation conducted by th 
letter (NSL) telephone recom 
who was suspected of 
According to the telephone records. 




I opening of the preliminary investigation, in an 
|Di vision, the FBI had obtained via a national security 

; investigation. 
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during 



(TS//SI/REL TO USA, AUG, CAT J, GBR, NZL) On or about | 
gp^^^-J preliminary investigation, the FBI received information from the 

telephone number 





- ': j - 

mm; 


using the 





Is^^^^J j had state;d that 



At the time, 



iS ||was linked to the | 



jffSPl was identified by the FBI as a user 



*£S^ On or about (SSS 
of telephone number |j§^^^^|^jf Based on that identification, the fact that 
was formerly the subject of ajg5|jpreliminary investigation, and the phonetic 

ll^jjfrrst name j^^^^jand the name ^^^fti the 



m 



similarity between 



Division converted the preliminary investigation of the unknown user of|§j||||||| 
into a full investigation of (111 

(TS/'/SI) During the full investigation, the FBI obtained authorization from this 
Court to conduct electronic surveillance of 
!rJi!i l M — Court-authorized electronic surveillance of 

^^^jrevealed that ^^^J and ^^^fi routinely discussed ^^y^™ - ^^ 



jg^^^ ' -*1 Also through this investigation, the FBI has identified other 

individuals in the United States who are believed to be involved in B»y- ■■3Efl 
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ior| 



| fall investigations have been opened as a result of information 



obtained through the ftSpS investigation. The t'Bl has also identified certain methods 



and means that these individuals use to I 



suspected use of 



including; the 



• n i 



- (S//QC/^ ' TTr The FBI is working with the Department of Justice, National 
Security Division, and the United States Attorney's Office, WZ*mmmmmmmmmm*Z$ 

| to indictgg^^lon criminal charges that include, but are not limited to, | 



>S) B. 



On or about 




the FBI opened a fall investigation of I 




Jmade terrorist threats 



pjbased on information indicating that 
and were connected to II On or about 



_ _ »J the FBI closed this 

investigation (the | | investigation) after pursuing all available leads because the U.S. 
Attorney's Office. | Tu u u u u u u L ' 111111111 ^ was reluctant to proceed unless 
additional evidence could be obtained. 

(TS//OC//NF) On or about( | the FBI received a BR FISA 

metadata report from the NS A that included information and contact chaining analysis 
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indicating that 



H 



each been in contact with several cellular telephone numbers in(^E23S^H 
were believed to be used by ^j^JL^l^ 1 1 The ^.L' !!!!!!!""""" L:^ cellular telephone 

numbers were, in tarn, in contact wilh jUB BBHSBBl telephone numbers believed to be 

associated with j^p^^^^|§^||^^^Bpi^g^^^^^ which are owned 
by 



In addition, the BR FIS A metadata report stated that a 
telephone number, reportedly registered t< 
had also been in contact with two of the aforementioned 



telephone numbers. 
~ (S/'/IiT)- Based upon the information obtained in the | | investigation, 
information obtained from another investigation that had been conducted fromJ|§§ 

" »» »» ^l^JJ^l " ' 14 and on the information provided by the BR FIS A metadata 
report, the FBI re-opened the full terrorism investigation of |j 



- (S//OC//I ' fl j ) -Since re -opening the investigation iq 
reports from various sources, [ SJTTTTTTTt rrrrrrrrrrrrrrrrrrrrrl 
are connected to and fc^lM^^ 



I, the FBI has received 



HS/ZlNTj According to NS A reporting ; 



believed to be a 




(S) The F bl subseque ntly confirmed via an NSL that|| 
of two of the F^y^J telephone numbers . 

13 - (G) - Acc ording to U.S. Intelligence Community reporting, 
\ that is responsible for directing and supporting H 



j^^were the subscribers 




4 -^S^ In BfcL^J , the FBI re-opened the full investigation of -^^^^^^^g|)ased on an 
anonymous letter alleging that they supported BS^jjJ. The FBI uncovered no new additional 
evidence, and closed the investigation again in^gs| ~M 
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^S^JLhe FBI continues to investigate '^^^^^^^^^sxispeoiod 



tor 



1iPBPPPBr| '1'he FBI recently obtained renewed FISC authority to conduct electronic 
surveillance and physical searches oi fe^l^fe^ telephone and e-mail accounts, as well 



85 p^|?|g3;f| elephone and e-mail accounts, as agents of| 
The FBI's investigation of ::ftSIBRSKli 



(TS//SI//OC/^JF) On or about the FBI received a BR FISA 
metadata report from the NSA that included information and contact chaining analysis 
indicating that associates of . 



living in the ^ gwwwwww^ i wj . had been in contact with several U.S. P wwwwfl f j 
telephone numbers. 10 According to the NSA's BR FISA metadata report, two of the 
foreign telephone numbers that were in contact with || || one [; — — -S!!^ 

cellular number and one [fcsflj cellular number, were also in contact with U.S. telephone 

gas the apparent subscriber of the telephone number, 

IpwwwaaM by the FBI in 



Furthermore, toll billing records obtained via NSL's in 



■bad been in contact 



connection with other FBI investigations revealed that 
with telephone numbers associated with four other pending counterterrorism 
investigations. That information, in conjunction with the information obtained from the 



{TS.VST/^.VHP) Acc ording to the N SA, lj|||is the leader of a mainly ^ Sj^^^ag^^^ i 
Islamic extremists called |V ^'^v" yj and maintains ties to more radical members of 
^ S^^^f^^^^^^^^^^\^^ m organization design ated by the Interagency Intelligence 

Committee on Terrorism (HCT) as a tier 1 support entity to fcS^gg|| 

1 5 (S//NF) The FBI had received previous reports regarding p^^^nd his activities from both the 



TO? S eiCRBT / / COMIHT / / NQFQRN/ /Ul 3K 

31 August 2009 Production 



150 



BR FISA metadata program, formed the basis for the FBI's decision to open a 
preliminary investigation oflftfiftii 



The preliminary investigation was opened on 



(S//OC//NT) During the preliminary investigation, the FBI learned that 



board member of^^^M^M 




On or about 

[had been designated by|| 



funds toj 



reported to the FBI 
as a point ~of-contact for [| | 
j|has donated 

I Based on this additional information, on Bf^wMWHw'J the FBI 



■ a senior member o 



and that ft 



converted the preliminary investigation of 



J3to a full investigation. 



(S/fNF) 1 he t'Bl has obtained information about several financial transactions that 

II - - ;: 



suggests fH :^^is providing material support to a foreign terrorist organization. On 




According to the CIA. I 



as well. as the| 

SlllI " 



is believed to be a member of 



In addition, | 



sent! 



onl 



h'inally, 



. The CIA has reported that 
sent 
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§j|§ I Mm 



on I 



According to the CIA. ^l^^fgi s a 



former senior member of 

■ (S/^JF) Although these known money transfers to 



■ • - mm 



g| _ . . -J 



are not particularly large, they do show connections between P ^^^if :] and 
members and former members of | 

significant account activity that occurred or BartBM^lw B- On that date, 
made deposits to his checking account oi B^—wj and^^^^^J including | | in 

ank named 



These connections are troubling in light of 



ioreiga currency. § 




suspicious because it is larger th; 



■ typical transactions. 



- (C.ffllT) The FBI continues to investigate £?j has b e gu& to receive 

and .analyze responses to eleven national security letters that were served during | 
Ififalflj The FBI is also investigating theJaaBS] bank account thai received [|aij|J from 

i.v4 il i wl i 



(TC//CLVOC/,W) On or about^^^^H' the FBI received a BR FISA 
metadata report from the NSA that included information and contact chaining analysis 





The CIA reported in March 2009 that 
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indicating that a^^^^ellular telephone number used by several extremists associated 
with the |y -tiiiiiiiiiiiiim had been in contact with several U.S. telephone 

numbers, including I ~ 



W^^^S The FBI?S 



| cellular number 

database contained information from another investigation indicating that the subscriber 
of the ■ 



telephone number was Sl^^^BftS^^H Based on the information 



contained in the BR FiS A metadata report, the (||§jDivision was instructed by FBI 

HQ to conduct a threat assessment of the user of the [^^^^t^|S| ostensibly ^^^^^ 



tiffin 



(S//HT//OC) Thd 



I Division subsequently received information from a 



§§f had been killed 



on or about ^Bi m i m i m i m i m i m™^ ^ i m ii wu^jmim 

Based on the BR FIS A metadata, the information 
identifying the subscriber of the ^aaj telephone number, ^d feg gym 

the FBr^ggj Division opened a full investigation of 
Jto investigate 



|| alleged association with | 



Alfhoughjp ^had been reported killed, the FBI elected to investigate, inter alia, 

whether the report of ^^^^^^^Mdeath was accurate and whether others traveled 



overseas and took part in terrorist training with him in | 



(U) Conclusion 

. (TS//SI) The facts set forth, above demonstrate that the BR FISA metadata has 
historically proved to be a valuable source of intelligence to the FBI. Its historic value 
leads me to conclude that the BR FISA. metadata will continue to be a valuable source of 
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intelligence that is relevant to numerous FBI-authorized international terrorism 
investigations. Accordingly, I hereby certify that the BR FISA metadata is relevant to an 
authorized investigation (other than a threat assessment) to obtain foreign intelligence 
information not concerning a U.S. person or to protect against international terrorism or 
clandestine intelligence activities, and that such investigation of a U.S. person is not 
conducted solely on the basis of activities protected by the First Amendment, 

(U) Pursuant to 28 U.S.C. § 1 746, 1 declare under penalty of perjury thai the 
foregoing is true and correct. 





ROBERT S. MUELLEk, III 



Director 

Federal Bureau of Investigation 
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